UCITA proponents unfazed as ABA refuses to endorse licensing law. 
An early adopter shows that Web services really can work.
Microsoft Revamps Datacenter


Adds more support 
options to program, 
but impact unclear 
BY CAROL SLIWA 

Microsoft Corp.’s recently re- 
vamped and renamed Data- 
center High Availability Pro- 
gram will bring users addi- 
tional options for support and 
a quicker path to swap out mi- 
nor components from their 
pretested configurations. 

But while the changes represent a positive step, it’s unclear how much they will affect the existing user base or whether they will spark an uptick in the sluggish adoption of Microsoft’s challenger to high-end Unix systems. The new program aspires to the same lofty goals that its predecessor — the more plainly named Windows Datacenter Program — did when it was launched in September 2000.

KNOWLEDGE CENTER ROI

Do the Math!

Yes, it’s possible to waste time on ROI. But calculating the return on investment for big IT projects can yield big dividends if done properly. We provide a CIO's guide to the strengths and weaknesses of 10 different ROI models.
STORIES BEGIN ON PAGE 21.

“The Datacenter product is 
great. I love that I can vertical- 
ly scale Intel chips,” said Mor- 
ris Koeneke, database services 
manager at early adopter 
Mary Kay Inc. in Dallas. “But 
the Datacenter program is in 
desperate need of repair, and 
I'm not optimistic that they’ve 
really fixed the problem.” 
Koeneke said he would like 
more choice with the systems 
that attach to his Datacenter 
server, since he would like to

Book excerpt: Measure the kind of ROI that the board of directors can understand:

of products. But he doesn’t want to have to pay the OEM to test the configuration.
Datacenter, page 49


Stage Set for Easy, 
Cheap Rollouts of 
IP-based Storage 


Approval of iSCSI standard paves way for 
product deliveries; users welcome alternative 





BY LUCAS MEARIAN 
After some fits and starts, an IP 
version of the low-cost SCSI 
storage interconnect is finally 
in position to attract wider at- 
tention from technology ven- 
dors and users. 

The Internet Engineering 
Task Force’s IP storage 
steering group last 
week formally ratified 
the iSCSI protocol as a
standard. That paves 
the way for storage vendors to 
ramp up shipments of prod- 
ucts based on iSCSI, which is 
designed to let network ad- 
ministrators take servers that 
have been locked into direct- 
attached storage systems and 
plug them into IP-based net- 
works for data backup and 
management functions. 


Sun to Ship Technology Modules 


Strategy aims to ease 
complexity, promote 
integration, cut costs


BY JAIKUMAR VIJAYAN 
The flurry of products and 
services announced by Sun 
Microsystems Inc. last week is 
part of the company’s strategy 
to offer technology bundles 
that are more integrated, more 
integratable and that the com- 
pany will custom-configure 
for users as needed. 





As part of that strategy, Sun 
is moving to a quarterly cycle 
of technology releases that 
combine hardware, software, 
middleware and services 
products, company officials 
said last week. 

Sun will no longer roll out individual hardware or software products but will instead focus on delivering pretested and easily configurable technology modules that users can quickly plug into existing infrastructures.


After the vote, the IETF released the iSCSI specification for public comments. David Black, a senior technologist at EMC Corp. and co-chairman of the IETF’s IP storage group, said the comment period should last about a month. But, he added, “at this point, nothing will change. We’re done in terms of technical changes.”

Because IP networks are commonplace, iSCSI can be used to transmit data over LANs, WANs and the Internet, potentially allowing users to access information via corporate intranets or Web-based portals. “Whatever you can do with an e-mail, you can do
iSCSI, page 49


New Under Sun

■ Blade servers based on SPARC and Intel processors

■ N1 assessment services


The data center optimiza- 
tion technologies that Sun is 
rolling out as part of its N1 ini- 
tiative will play a key role in 
Sun, page 14 








KNOWLEDGE CENTER
ROI
Do the Math!

This special report takes an in-depth look at the financial models for assessing the return on investment from IT projects. CIOs talk about the payoff from “doing the math,” and we provide a guide to the strengths and weaknesses of the major metrics, such as net present value and internal rate of return. But we also hear from the dissidents, who say ROI calculations can be a waste of time.

PACKAGE BEGINS ON PAGE 21.


Diligence Rewarded. Tips from the pros: Learn how four IT executives measure ROI from technology projects and what they gain from their efforts. ONLINE: For more on Carlson Companies’ approach to ROI, including how a possible war with Iraq might factor into its analysis, read the full Q&A with CIO Steve Brown. QuickLink 35952

Payback period is popular, simple and useful. But it doesn’t tell you everything by a long shot.

Net present value is an investment’s future net cash flows minus the initial investment.

Internal rate of return is a handy way to sort projects into “go” and “no-go” categories. But it has flaws.

Balanced scorecard is intended to consider everything that’s important to a company’s long-term health. But there’s a danger of losing the forest in the trees.

Economic Value Added is a business philosophy and ROI metric that makes sure managers subtract the cost of capital from the financial benefits of an investment.

The Consultants’ Offerings. Consultancies are inventing new ROI metrics at a steady pace. Here’s a look at five: Business Value Index, information economics, IT scorecard, total economic impact and total value of opportunity.

Where ROI Models Fail. ROI models are effective in helping CIOs justify IT investments to top executives, but they fall short in measuring soft benefits like the impact on sales, customer service or employee productivity.

Opinion: If you're chasing after every IT project with ROI analyses, you’re wasting your time, suggests columnist Mark Hall.

The Almanac: Fudged ROI calculations, misunderstood software costs and the emergence of the “IT financial controller” are among the research tidbits in this month’s collection.

The Next Chapter: Pundits predict that Wall Street analysts will start monitoring corporate IT investments and that CIOs will find their compensation linked to delivering ROI. But are we developing “ROI myopia”?

ONLINE: The Real Options model, championed by Collaborative Consulting, emphasizes an incremental approach to IT investment. QuickLink 35929


Ridge Releases
Cyberdefense,
Physical Strategies
Secretary of Homeland Security 
Tom Ridge on Friday released the 
final versions of the Bush admin- 
istration’s national strategies to 
defend critical infrastructures 
from cyber and physical attack. 

As the nation remained at Code 
Orange - the second-highest level 
of alert - Ridge said the two strat- 
egy documents are critical to the 
future planning of the new U.S. 
Department of Homeland Security. 
The “National Strategy to Secure 
Cyberspace” and the “National 
Strategy for the Physical Protec- 
tion of Critical Infrastructures and 
Key Assets” will help guide gov- 
ernments and businesses in their 
efforts to defend the country from 
terrorism, said Ridge. 

One of the first priorities of the 
administration’s cyberdefense 
strategy will be to establish a na- 
tional cyberspace security re- 
sponse system that will enable 
the government to coordinate 
with the private sector on analy- 
sis, warning, incident manage- 
ment and recovery efforts stem- 
ming from a coordinated cyber- 
attack against the U.S. 

Howard Schmidt, acting chair- 
man of the President's Critical In- 
frastructure Protection Board, said 
a major thrust of the cyberdefense 
strategy is to work with the private 
sector to reduce the nation’s vul- 
nerability to attack. In addition, the 
Homeland Security Department is 
considering a cybersecurity alert 
system that would work in con- 
junction with the overall Homeland 
Security Alert System. 

Noticeably absent from the fi- 
nal version of the national cyber- 
defense strategy is any mention 
of regulating the private sector to 
force improvements in security. 
While Schmidt said the goal from 
the very beginning was to build a 
“partnership,” Bob Stephan, spe- 
cial assistant to Secretary Ridge 
for information analysis, said reg- 
ulation could be an option for 
some industries, such as chemi- 
cal manufacturing, where the 
threat to public health and safety 
is particularly acute. 

- Dan Verton


UCITA Backers Lose
Political Ammunition


Bar association
declines to give
official blessing
BY PATRICK THIBODEAU
BACKERS of the controversial UCITA software licensing law intend to push ahead to win adoption by more states, despite a decision by the American Bar Association last week not to back the proposed law.
The ABA's governing body 
withdrew the Uniform Com- 
puter Information Transac- 
tions Act from consideration 
after it became clear that the 
measure didn’t have enough 
support among members of the 
influential legal association. 
The move, taken by the ABA at its midyear meeting in Seattle, has no direct impact on UCITA and the push for state-by-state adoption. But it gives the law’s opponents ammunition to use against it in states where it’s introduced.

UCITA’s drafter, the National Conference of Commissioners on Uniform State Laws (NCCUSL), will seek adoption in states that have shown an interest in the act: Arizona, Colorado, Delaware, Oklahoma and Wisconsin, as well as the District of Columbia.

Despite the ABA decision, Carlyle “Connie” Ring Jr., chairman of the NCCUSL’s UCITA drafting committee, said he was pleased with the outcome. He claimed that opponents “engaged in counterproductive activity that resulted in the ABA really wanting to leave [UCITA] to the states” to adopt uniform rules.


Timeline

1999: UCITA is introduced.

2000: Virginia and Maryland adopt it.

2001: Opponents organize and stop further adoptions. The ABA forms a committee to review the law. UCITA drafters agree to drop “self-help” remote turn-off provisions.

2002: An ABA committee labels UCITA too confusing and complex and calls for a rewrite. No states adopt UCITA.

2003: The ABA’s governing body declines to back UCITA. A push for state adoption resumes.


Ring said there was “a great 
deal of manipulation of the 
[procedural] rules” by oppo- 
nents in order to achieve a 
negative outcome. But most 
ABA delegates wanted to take 
no position because there 
wasn’t enough time to debate 
the act, nor was the meeting 
the appropriate forum for de- 
ciding its merits, he said. 


Not Seeing Eye to Eye 
But some ABA members saw 
the situation differently. 

“The thing was dead on ar- 
rival, and [supporters] are try- 
ing to make [believe] that the 
ABA didn’t want to vote on it,” 
said Hervey Levin, a delegate 
from the ABA's Tort Trial and 
Insurance Section and a Dal- 
las-based attorney. 

Vincent Polley, chairman of the Cyberspace Law Committee of the ABA’s Business Law Section, said UCITA raised concerns among members in part because it’s ahead of its time and seeks to put into law provisions that aren’t in common commercial practice. He also said that UCITA is confusing and complex and that its controversiality means it’s likely to be altered in the various states and therefore not such a uniform law. Polley is deputy general counsel at Schlumberger Ltd., an oil-field services firm in New York.

UCITA is designed to set 
uniform terms and conditions 
for software sales and elec- 
tronic transactions. The mea- 
sure is supported by vendors 
and trade groups, but oppo- 
nents believe it gives vendors 
too much power in contracts. 

UCITA’s proponents say 
that ABA backing isn’t critical. 
“ABA approval isn’t something 
we point to when we are push- 
ing an act,” said Katie Robin- 
son, an official at the Chicago- 
based NCCUSL. 

But opponents say that 
without ABA support, UCITA 
is seriously wounded, if not 
dead. “Pushing it forward in 
anything close to its current 
form is like dragging a dead 
whale back to sea,” said Bruce 
Barnes, an IT consultant in 
Dublin, Ohio.


DEAD OR ALIVE? 

UCITA should be dead, but it remains alive 
because of the NCCUSL’s foolish pride, 
says columnist Frank Hayes. Page 50 


UCITA Background: To read Computer- 
world's previous UCITA coverage, visit 
our Web site: 


QuickLink a1690 
www.computerworld.com 








Cisco Expands Its Line of
Intrusion-Detection Tools


BY MATT HAMBLEN
Cisco Systems Inc. this week plans to announce new intrusion-protection software and firewall enhancements, including functionality designed to lower IT staffing costs by drastically reducing false or irrelevant system-intrusion alarms.

Cisco officials said a major upgrade, Cisco Intrusion Detection System (IDS) 4.0, will accompany the rollout of new Cisco Threat Response technology that’s aimed at reducing incidents of false intrusion alarms by 95%. The company will also announce upgraded management features for IDS 4.0, as well as an intrusion-detection sensor appliance and a second-generation version of the IDS software for its Catalyst 6500 switch.

In addition, Cisco will upgrade the software for its PIX Firewall appliances and unveil a virtual private network accelerator card that it said should provide performance improvements of up to 400% on networks that use the Data Encryption Standard and other specifications.

Cisco bought the Threat Response technology as part of its acquisition of Austin, Texas-based Psionic Software Inc. in October.

Vignette Corp., a developer of content management and portal software in Austin, has been testing Threat Response and hopes to deploy a working version soon, said Selim Nart, a network architect at Vignette. The software should help Vignette avoid having to hire more network management staffers to act on real alarms or to clear false ones, he said.

Nart estimated that 20 minutes’ worth of intrusion alarms results in 20 hours of work for a network administrator. He said Vignette experiences a total of 96,000 intrusion alarms in its global network monthly. So far, Threat Response “has been very accurate,” Nart said. “It helps us a lot on troubleshooting the real problems.”

Threat Response, the improvements included in IDS 4.0 and the other features are examples of Cisco’s continued efforts to improve its security capabilities, said Zeus Kerravala, an analyst at The Yankee Group in Boston. By acquiring Psionic and other vendors, Cisco has been able to put together a network security “ecosystem” that rivals such as Nortel Networks Ltd. and Alcatel can’t match, he said.


MORE INFORMATION

Visit our Security Knowledge Center online:

QuickLink k1600
www.computerworld.com


Data Analysis Vendors Add Supply Chain Tools


BY MARC L. SONGINI 

SAS Institute Inc. is expanding 
its line of business-intelli- 
gence software in a bid to help 
users apply in-depth analytics 
to their supply chain process- 
es — making it one of several 
data analysis vendors with ini- 
tiatives of that kind. 

Cary, N.C.-based SAS last 
week announced plans to ship 
two applications designed to 
exploit its analysis capabilities 
in the supply chain arena. The 
company also said it has set up 
a supply chain analytics con- 
sulting group to help compa- 
nies install the applications. 

Cognos Inc. in Ottawa and Hyperion Solutions Corp. in Sunnyvale, Calif., said they’re also working to add supply chain analysis tools to their business-intelligence product lines. Scott Lawrence, director of analytic applications at Cognos, said the company’s software will give users the ability to fully analyze their supply chain operations.

Dennis McCarron, senior manager of business planning strategy at SAS, said the applications his company is developing will complement existing supply chain management systems, such as the ones sold by SAP AG and i2 Technologies Inc. The goal is to help users cut costs while optimizing their quality-control efforts, he explained.

To that end, McCarron said, SAS will offer a demand-intelligence package that provides an integrated view of inventory, price optimization and product demand processes. Companies will be able to use the software to tailor their supply chains to better meet market needs and to adjust pricing and promotions. The application is initially being developed for the retail and consumer goods industries.

SAS said it’s also working on a manufacturing process analysis application to help companies find ways to improve product quality and reduce time to market. That product will be initially targeted at semiconductor and other high-tech companies.

Both modules are available on a limited basis now and are due for general release by year’s end.

More Details
For more stories on this topic,

The demand-intelligence 
capabilities sound interesting, 
said Gary Keathley, materials 
manager at Alcon Inc.’s manu- 
facturing plant in Houston. 
But he added that the eye care 
products maker customized 
its SAS applications to handle 
demand-analysis functions 
more than 10 years ago. 

Alcon’s SAS installation can 
take sales data, crunch the 
numbers and project future 
production needs at the Hous- 
ton plant based on factors 
such as season- 
ality and cus- 
tomer needs, 
Keathley said. 

The manufacturing process application could also be useful, but SAS officials need to better “pinpoint what they are trying to go after” with that product, he said.

While SAS already sells some supply chain analysis components, it’s now creating an end-to-end offering that covers both the supply and demand sides of supply chain processes, said Bob Moran, an analyst at Aberdeen Group Inc. in Boston. The new software will let users examine how events at one point in a supply chain could affect other segments, Moran said. That could be a key capability for companies that try to get by with the thinnest of profit margins, he added.


Cognos to Ship
Browser-based
Analysis App


In addition to its development of supply chain analysis tools, Cognos is readying the first fully Web browser-based release of its flagship business-intelligence software.

The company plans to announce the Cognos Series 7 Version 2 upgrade this week and ship it next month. Because it requires no client software, the new
costs and headaches for corporate users, according to Cognos officials. They said it can also handle larger amounts of data
tive analysis capabilities to users.

The latter feature will let users run forward-looking trend analyses instead of just querying historical data, said Michael Branchaud, a product director at Cognos. For example, a company could use the tool to project how a sales deal might affect inventory levels, enabling it to plan ahead by ordering more stock.

The new release is being designed to address usability issues, but its Web-based user interface has the same capabilities that Cognos built into the current Windows version, said Philip Russom, an analyst at Giga Information Group Inc.

- Marc L. Songini


Microsoft Plans Reporting
Engine for SQL Server


BY MARC L. SONGINI
Microsoft Corp. last week announced plans to embed an analytical reporting engine in the upcoming 64-bit version of its SQL Server database, adding another element to the decision-support capabilities it offers to corporate users.

Currently, Microsoft supports the ability to launch online analytical processing queries as part of SQL Server 2000. But the new Reporting Services technology planned for the 64-bit release, which is code-named Yukon, will also let users create business reports and distribute them across corporate networks, said Sheryl Tullis, product manager for SQL Server.

Although the reporting engine is being targeted primarily at developers within corporate IT departments and at software vendors, end users will be able to set up their own report parameters, Tullis said. The software will include Web services hooks for developing reports using Microsoft’s Visual Studio .Net tool kit and .Net Framework programming model, she added.

In addition, it will be able to interoperate with any data repository that has OLE DB or Open Database Connectivity (ODBC) interfaces and to publish reports to Web browsers or Microsoft’s Office desktop applications. Reporting Services is scheduled for initial release in a beta-test version of Yukon due by midyear.

Microsoft acknowledged that there will be some overlap between Reporting Services and reporting tools sold by business partners such as Crystal Decisions Inc. in Palo Alto, Calif. But Microsoft said in a statement that it will continue to provide partnership opportunities for other reporting tool vendors.

The tight integration promised among Microsoft’s SQL Server, Reporting Services and server management software makes the new technology especially appealing to ProClarity Corp., a Boise, Idaho-based developer of business analytics software.


Money-Saving Move
ProClarity, a Microsoft partner and SQL Server 2000 user, is testing an early version of the Reporting Services software, said Clay Young, the company’s vice president of marketing. ProClarity plans to roll out the reporting tools internally when the beta release becomes available, he added.

Young said ProClarity hopes to use Reporting Services to create reports that don’t require further analysis after distribution, such as ones that detail the number of hits on its Web site. The company currently uses Crystal Decisions’ software, but Young said ProClarity plans to standardize on Microsoft’s technology to save money, since Reporting Services will be bundled as part of SQL Server licenses.

Microsoft’s move makes sense as reporting tools become more of a commodity that decision-support vendors can embed into their products, said Joshua Greenbaum, an analyst at Enterprise Applications Consulting in Daly City, Calif.

Microsoft should have no problem convincing users that it can develop reporting software that’s technically sound, Greenbaum said. But it may be harder for the company to prove that it has reporting expertise in individual vertical markets, he added.


■ Let users t
distribute them throughout
■ Include Web services hooks plus ODBC and OLE DB interfaces.
■ Support publishing of reports in Web browser or Office apps.


Visteon, IBM Sign
Outsourcing Deal


Visteon Corp., an automotive 
parts maker in Dearborn, Mich., 
announced a 10-year IT out- 
sourcing deal with IBM valued at 
about $2 billion. IBM will take 
over Visteon’s mainframes, data 
centers, networks and help desk 
operations, and some application 
development work. Visteon, 
which was spun off from Ford 
Motor Co. in 2000, will continue 
to manage applications that sup- 
port product development. 


Dell Loosens Ties
To Pacts With IBM


Dell Computer Corp. said it has 
largely ended two multibillion- 
dollar deals signed with IBM in 
1999. A component supply con- 
tract that called for Dell to buy 
disk drives and PC monitors from 
IBM has become defunct follow- 
ing IBM's sale of those opera- 
tions. Dell also de-emphasized an 
IT services partnership and now 
calls IBM Global Services for as- 
sistance only upon user request. 


IT Trade Group
Files XP Complaint


The Computer & Communica- 
tions Industry Association (CCIA), 
a trade group in Washington that 
sided with the U.S. government 
in the Microsoft Corp. antitrust 
case, filed a complaint related to 
Windows XP with the European 
Commission. The CCIA claimed 
that Microsoft’s bundling of vari- 
ous applications in XP violates 
European antitrust laws. Micro- 
soft declined to comment. 


Top Sprint Execs 
To Stay, for Now 


Sprint Corp. said outgoing CEO 
William Esrey and President 
Ronald LeMay will stay on while 
it tries to free CEO-designate 
Gary Forsee from his contract 
with BellSouth Corp. in Atlanta. 
Forsee is currently BellSouth's 
vice chairman. 


MARK HALL ■ ON THE MARK


Nokia Appliance Plugs
E-mail Security Hole ...


... and challenges competing devices, which, a company executive chides, “appeal to the lowest common denominator.” Nokia Internet Communications, a U.S.-based business unit of Finland’s Nokia Corp., will ship at the end of March its SC6600 e-mail security appliance to guard your network from any message laden with viruses, worms, spam, offensive language, sensitive data and just about any digital nasty you can concoct. A single SC6600 (the Nokia Message Protector, if you're a fan of marcom-speak) peers into files that have been zipped multiple times, decodes macros, analyzes executables, parses content and detects spam at a sizzling 120,000 electronic epistles per hour. Its performance is achieved, brags Dan MacDonald, vice president of product management and marketing, “because the [SC6600] is purpose-built to protect SMTP traffic flow.” Competing boxes from say, McAfee, he says, are “just a general-purpose computer that attempts to do too many things at once,” such as protect HTTP and VPNs as well as SMTP traffic. Worse, MacDonald claims, virus security firms have tried to force-fit their software approach into a hardware appliance, which he says needs to be designed from the silicon up, not the binaries down. As such, Nokia has partnered with Trend Micro Inc. for its virus software. The 1U (1.75 in. high) appliance will cost $16,000, plus the license for Trend Micro’s virus protection.

■ If you're satisfied that your e-mail is safe and sound, it’s time to consider the gaping hole instant messaging (IM) bores into your network. Not yours, you say. Fat chance. IM permeates 84% of businesses today, according to market researcher Osterman Research Inc., which surveyed 189 organizations. If you still doubt it, visit the Web site of San Diego-based Akonix Systems Inc. and download its free tool, Akonix Rogue Aware, which will enlighten you on just how pervasive IM is in your company. If what you learn scares you, Akonix CEO Peter Shaw hopes you'll buy Version 2.0 of Akonix L7 Enterprise, which protects your IM traffic from viruses while enforcing corporate policies on who can send what IM traffic with which IM client and when they can send it. Each of the IM gateways can handle 20,000 users and can be clustered for redundancy. Based on Windows server technology, the L7 Enterprise ships tomorrow with a starting price of $2,250. Look for an adapter to manage peer-to-peer traffic and a Linux-based version before the end of the year.

■ Knock, knock. Who's there? Not content. More than an unfunny joke, it’s a sad situation when visitors arrive at your Web site and can’t find what they’re looking for. The search technology wizards at iPhrase Technologies Inc. have devised a “buried content reporting” tool that’s now in the prototype stage for release sometime in the second quarter. What beta users are discovering is that the most coveted content has been deposited a minimum four or five clicks deep into their Web sites, which the MIT-schooled founders of iPhrase suggest makes for a compelling case for advanced search tools. Duh.

■ IP-based phone systems get another boost on March 3 when AltiGen Communications Inc. ships its Multichannel Contact Center for sales, service and help desk operations. Each 4U rack-mounted device can handle 128 chatty agents and costs $525 to $900 per user, depending on the applications purchased. The system can link to legacy private branch exchanges or connect directly to your outside lines.

■ Keith Raffle, chairman of UpShot Corp., still sounds a little bitter when he talks about Microsoft Corp.’s recent entry into the hosted CRM market. (“I wonder what Microsoft is bringing to this party,” he mutters.) After all, UpShot dutifully adopted a pure .Net Microsoft technology, then those Redmond rascals try to take his business after he gave them his. Well, he’s not going to simply roll over. Today, UpShot introduces a Multiprocess Management feature to its UpShot XE CRM for enterprises. The update improves customization of data views and provides simple drag-and-drop configuration of screens, among other enhancements. The online CRM party keeps getting louder.

... in Santa Clara, ... Networks (finally, a moniker update for the better), but it has also upgraded its Teros-100 ... System. Version 2.0, ... improves credit card and ... Web sites and also tight- ... around applications. ... starts at $25,000.





HP Stays Itanium Course Ahead of Intel

BY JAIKUMAR VIJAYAN

Hewlett-Packard Co. this week will introduce an Itanium 2 chip set in a move that takes it another step closer to delivering its first high-end servers based on Intel Corp.’s 64-bit processor architecture.

The company will also detail plans to deliver the HP mx2 “daughter-card” technology that will allow it to combine two Itanium 2 processors and a large memory cache into a one-chip module.

The mx2 technology, code-named Hondo, will allow HP to double the number of processors it can pack into an Itanium server and will deliver better performance for applications that require CPU scalability, said Brian Cox, an HP product manager.

HP’s new sx1000 chip set will allow the company to build systems much larger than current Intel chip-set technology permits, Cox said. With it, HP is on track to deliver the first Itanium 2-based 64-processor Superdome server in mid-2003, he added.

Because the sx1000 chip set is compatible with HP’s PA-8800 RISC architecture, users will be able to upgrade from RISC to Itanium processors within the same unit. HP’s Itanium Superdome systems will be able to run HP-UX, Windows and Linux in the same machine. Next year, the company will add support for the OpenVMS operating system on Itanium servers.

HP’s mx2 daughter-card technology, meanwhile, will become available sometime early next year, well in advance of Intel’s planned launch of a dual-core Itanium processor in 2005, Cox said.

HP is the only major systems vendor that’s likely to ship high-end Itanium servers by year’s end, analysts said. “But as co-developer of Itanium, that is only something to be expected from HP,” said Terry Shannon, editor of the “Shannon Knows HPC” newsletter in Albuquerque, N.M.
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Danish Bank Blazes 
Web Services Trail

Says performance overhead worth it

BY CAROL SLIWA

Marking the one-year anniversary of its Visual Studio .Net tools, Microsoft Corp. last week spotlighted Danske Bank A/S as a cutting-edge adopter of the Web services capabilities in its .Net Framework.

But the Copenhagen-based financial institution’s Web services work extends well beyond its use of Microsoft technology. Danske Bank was plotting a services-oriented architecture to expose functionality from its mainframes, IBM WebSphere application servers and Microsoft servers long before Web services came into vogue.

Peter Schleidt, Danske Bank’s executive vice president of group technology development, said the institution has already exposed about 200 services from those disparate systems and plans to launch another 500 services into production this year.

In the Top Echelon

Daryl Plummer, an analyst at Stamford, Conn.-based Gartner Inc., said that if they are indeed “true” services, they would place Danske Bank in the top 1% of IT departments doing Web services work. He defined a true service as one with a well-described interface to a system that can be called from an outside system.

“Most companies don’t have that many services identified and exposed at this point,” Plummer said.

The end result can be extremely useful. Schleidt cited a portal that customers and 7,000 financial and sales advisers use to access information drawn from the disparate back-end systems.

For instance, an employee can now access a unified customer-purchase record and correspondence history from the same interface, without having to call individual systems one at a time.

Schleidt said that three years ago, the bank recognized the need for an engine that would enable it to integrate functionality across its disparate systems.

Rather than tying functionality from one system to another one by one, the bank’s developers write standards-based interfaces that expose functionality as services. They define and describe the services they have built and how those services can be called by other systems. That information is then stored in an internal registry that conforms to the Universal Description, Discovery and Integration standard, Schleidt said.

About 70% of the bank’s developers work in Cobol, 20% with Microsoft’s tools and 10% in Java, according to Schleidt. But a Java developer who wants to connect to a service exposed by a Cobol developer doesn’t have to worry about the complexity of the other environments. “This is what Web services are all about — hiding complexity and exposing functionality,” he said.

Two Approaches

When linking services from disparate systems, the bank takes a Web services approach and uses the Simple Object Access Protocol (SOAP) for message transport. But when connecting services between the same type of systems, such as mainframe to mainframe, it uses proprietary “bindings” for performance reasons, said Schleidt. He said the bank found that calling a mainframe function from the WebSphere environment takes 40 msec of CPU time using SOAP. Calling the same service from the mainframe, using proprietary protocols, takes 0.3 msec of CPU time. “It’s a lot cheaper,” Schleidt noted.

Mike Gilpin, an analyst at Cambridge, Mass.-based Giga Information Group Inc., said clients often report that it’s five times slower to send data associated with a particular program call using SOAP vs. using a binary protocol.

Schleidt said Danske Bank decided a little performance overhead — but only 10%, he said — would be worth it because of the flexibility that Web services ultimately offer. But he added that he thinks the bank may eventually be able to eliminate the overhead by fine-tuning services that aren’t working efficiently.

Bank Benefits

Danske Bank has yet to directly calculate return-on-investment figures for its Web services, but Schleidt said the boost in developer productivity will be more important because that will enable the company to deliver new, complex product packages more quickly.

Schleidt said it took three months to expose a stock-quote service, which was built with Microsoft’s .Net tools, to Denmark’s largest newspaper. But it took only three weeks to do the same for another partner, he said.

Those services represent the company’s limited foray into external Web services. So far, the bulk of the bank’s work has been with internal Web services — a recommendation Schleidt extends to his peers.


GM CTO Outlines Web Services Strategy

Tony Scott, chief technology officer of the information systems and services organization at General Motors Corp., spoke with Computerworld earlier this month about the automaker's plans for Web services technology. Excerpts from the interview follow:

Do you feel Web services have been too hyped?
I would not write off any technology that the likes of Microsoft and Sun and other large companies like IBM have invested hundreds, if not a billion, dollars or so in R&D. The likelihood is pretty good that it's going to hang around and be something significant.

At GM, we're interested in it from a number of different perspectives. We've all lived through the embryonic stages of the Web and all the EAI [enterprise application integration] tools and the big application packages. So we don’t see Web services as the panacea, the end-all, be-all that’s going to replace everything else. But it does appear to fit in the Web development space, where we can take certain kinds of activities that we're embedding in each and every application we build today and externalize them as a service and only do, for example, maintenance and repair on that service in one place vs. in hundreds of applications.

of applications in GM that use vehicle identification numbers for something, as a part of our normal business process. There's a whole set of business rules around vehicle identification numbers - good ones, bad ones, when the vehicle was made, its repair history, all kinds of things. And today we have to embed lots of business logic and rules in every single application that uses vehicle identification numbers. One of the things we are working toward is creating a vehicle identification number Web service

of the logic and business rules and so on - let's call them the big rules around vehicle identification numbers - so that you don’t have to support and maintain that in hundreds of applications.

than I’ve been in a long time in terms of basic interoperability
TONY SCOTT, CTO, GENERAL MOTORS CORP.

Do you feel encouraged by the potential for Web services to help you connect applications written using Java and Micro-
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Hospital CIOs Shy Away From 
Automating Medical Systems

Panel members cite high costs, IT risks of installing computerized applications

BY BOB BREWIN
SAN DIEGO

CIOs from hospitals large and small last week said they remain reluctant to deploy computerized physician order entry (CPOE) and automated medical records systems, despite a three-year push by 90 major U.S. employers for adoption of such systems to help eliminate medical errors.

Speaking on a CIO panel at the Healthcare Information and Management Systems Society’s (HIMSS) annual conference here, Paula Anthony, who heads IT for the East Texas Medical Center (ETMC) Regional Healthcare System in Tyler, said she remains cautious about outside technology lobbying efforts such as the one for CPOE systems.

ETMC operates 13 acute care hospitals plus medical clinics in rural parts of East Texas. Anthony said the prospect of deploying CPOE technology for use by doctors, nurses and support personnel at the hospitals is “scary.” ETMC takes a conservative approach and “will not be in the forefront on technology,” Anthony said.

The Leapfrog Group, a Washington-based health care consortium, last year estimated that systems for automating tasks such as prescribing medication and ordering medical procedures would eliminate a half-million medical errors annually — some of them fatal [QuickLink 29106]. The consortium was formed in 2000 by the Business Roundtable, a Washington-based organization made up of CEOs from Fortune 500 companies.

Kaiser Permanente Health Plan Inc., the largest nonprofit health maintenance organization in the U.S., this month said it plans to spend $1.8 billion during the next three years to roll out a paperless medical system that includes CPOE capabilities [QuickLink 36200].

Not a Simple Process

But Warren Chandler, CIO at St. Vincent’s Health System in Jacksonville, Fla., said his 528-bed hospital is “a long way from going paperless.” Developing and deploying a CPOE system may sound like a simple process, but it’s not, Chandler said. “There are a lot of costs and risks,” he noted.

Chandler said a good first step toward paperless operations is development of a clinical data repository, which could serve as a baseline system for CPOE and other automated medical applications.

Jeff Cooper, CIO at Henry Medical Center in Stockbridge, Ga., also said health care institutions should take a “building-block” approach to the development of CPOE systems. For example, IT managers could start by putting patient records in electronic form, he said.

Health care IT managers need to get involved with local business organizations to let them know what is realistic in terms of developing CPOE systems, said Pamela McNutt, CIO at Methodist Hospitals of Dallas, which operates a 478-bed hospital, a cancer clinic and four other facilities.

Despite their concerns about CPOE technology, the CIOs who took part in the panel discussion said they have made their systems compliant with the federal Health Insurance Portability and Accountability Act’s (HIPAA) IT security and privacy mandates, which go into effect in April.

Meeting the HIPAA mandates was “very expensive, but we're ready for it,” Anthony said. ETMC’s biggest HIPAA-related expense was the cost of having lawyers review its privacy and security plans, not the cost of new technology, she added.

MILITARY X-RAY NETWORK
At the HIMSS conference, U.S. Army officials detailed an IP-based network that routes X-rays for remote diagnosis:
QuickLink 36281
www.computerworld.com


NASA Teams With Private Sector to Improve Software

Goal is to build fail-proof systems

BY PATRICK THIBODEAU
WASHINGTON

NASA's mission system software is considered to be among the best-engineered in the world. But in the aftermath of the 1999 Mars Polar Lander crash, which was caused by a software bug, NASA officials acknowledged that a long-term fix was needed in order to build systems that don’t fail. And the agency’s subsequent efforts may ultimately help all IT managers.

NASA played a leading role in the creation last year of the Sustainable Computing Consortium (SCC), which includes companies such as FedEx Corp., Pfizer Inc., Microsoft Corp. and Oracle Corp.

The goal of the SCC, which is based at Carnegie Mellon University in Pittsburgh, is the Holy Grail of software design: creating software that does what it’s supposed to do, no matter what. It’s called “high dependability” and refers to systems that tolerate hardware faults well, maintain a high level of security during attacks and are always available.

For an analogy, think of the field of structural engineering, in which there are extensive building codes and precise measures for determining stress and loads. Right now, there are no similar measures for quantifying the reliability of software, particularly in interconnected systems. “Imagine if there is no building code, where would you start? That’s where we are with software,” said SCC head William Guttman, a professor of economics and technology at Carnegie Mellon.

The Feb. 1 crash of the space shuttle Columbia brought renewed attention to the highly complex computer systems and software used by the space agency. While the cause of that disaster has yet to be determined, there’s no doubt that a software bug caused the Mars Polar Lander to crash. For NASA, that crash was “an important watershed event” that prompted the agency to broaden outreach efforts to improve software design, said Henry McDonald, who headed NASA’s Ames Research Center in Moffett Field, Calif., until last November.

Among systems that can’t be allowed to fail are those that MasterCard International Inc. uses for its smart-card systems. Software code for those systems is inspected line by line and tested in a process that can take up half of the card development effort, particularly because of the need for high security, said Terry Stanley, the company’s vice president of smart-card platform architecture.

But if vendors built better products, costs would be reduced, Stanley said. There are agreed-upon tests for chips, but that’s not the case with software applications, he said. The IT industry is recognizing that application standards are needed “not only to cut down the cost of security testing, but to also reduce the time frame,” he said.

MasterCard worked with SCC member Cigital Inc., a Dulles, Va.-based software engineering firm, to analyze and test its systems. One huge problem engineers face in checking systems, said Jeffery Payne, president and CEO of Cigital, is the ability to determine mathematically the reliability of an assembled system.

“This is a long-term, tough-nut problem,” he said.

JUST THE FACTS

The SCC is a collaborative effort involving universities, companies and government agencies.

WHAT: Develop standards and measurements that allow engineers to accurately determine software reliability and security.

WHY: Major IT vendors emphasize dependability and security, but users currently have no way to ascertain software quality.

HOW: Conduct research to develop systematic approaches to assessing risk and value.

WHERE: www.sustainablecomputing.org

WHY WE'RE IN
A FedEx IT exec discusses her company's involvement with the SCC:





www.computerworld.com 


NEWS 


COMPUTERWORLD February 17, 2003 13 





Companies Expected to Boost Offshore Outsourcing

Pressure to cut costs drives trend, analyst firms say

BY JAIKUMAR VIJAYAN

Demand for offshore outsourcing services will continue to grow substantially over the next several years, as companies try to squeeze more value out of every IT dollar they spend, according to recent reports from three major analyst firms.

In a report released last week, Meta Group Inc. in Stamford, Conn., predicted that offshore outsourcing will grow more than 20% annually, pushing it from a $7 billion market today to about $10 billion by 2005. Almost all application outsourcing services will include an offshore component, and the market will reach $15 billion by 2007, the Meta report added.

The focus on lowering IT costs is accelerating the use of offshore services, according to a Gartner Inc. report released earlier this month. Although companies are tapping offshore vendors primarily for application management purposes, demand is also emerging for business process outsourcing and infrastructure management services, Gartner said.

“There is a growing sense that IT infrastructure management is something that can be packed up in a box and shipped off to someone who can do it more efficiently and at a lower cost,” said Bruce Caldwell, an analyst at Gartner, which is also in Stamford.

“People are looking to offshore as a low-cost and immediately available alternative” to buying and deploying such technologies themselves, Caldwell said.

Overland Park, Kan.-based Meridian IQ LLC, a subsidiary of Yellow Corp. that provides transportation management services, expects its use of offshore services to increase, said CIO Dan Bentzinger.

Driving that trend are the same three factors that led Meridian to first outsource services to Infosys Technologies Ltd. in Bangalore, India, in 1998: speed to market, quality and cost of services.

Infosys has given Meridian the ability to quickly acquire reliable IT resources to deploy new services, while also giving it the flexibility to ramp down when they aren’t needed, Bentzinger said. “Meridian is in an upswing right now, which means we are going to be growing our relationship,” he predicted.

Even though IT budgets are shrinking or remaining flat in the face of the recession, the amount of money being allocated to offshore outsourcing is increasing as a percentage of overall IT spending, said Prasad Thrikutam, an Infosys regional manager in Dallas.

In fact, one offshore services company, Cognizant Technology Solutions Corp. in Teaneck, N.J., reported record growth in 2002, as annual revenues rose to $229 million from $178 million in 2001.

Increasingly, offshore companies are being viewed not just as a “tactical cost-saving option but as more of a strategic proposal,” said Ram Mynampati, chief operating officer at Satyam Computer Services Inc. in Hyderabad, India. This is reflected in the higher-end jobs Satyam is being asked to do for its U.S. clients, Mynampati said.

But project management remains a major challenge for many companies that outsource to offshore vendors, according to a recent survey by Forrester Research Inc. in Cambridge, Mass., the results of which were also released earlier this month.

One-third of the respondents in the survey of 145 “decision-makers” at North American companies said they use offshore services and plan to spend more money on them in the future, Forrester said.

But “18% of respondents using offshore providers reported a major challenge in measuring performance, while 20% have serious issues specifying the work needed to be done,” the Forrester report concluded.

What They Say

META GROUP
Offshore outsourcing will grow from $7 billion currently to more than $10 billion by 2005.

GARTNER INC.
Offshore application management ranked as the highest growth opportunity in 2003 in a survey of 36 outsourcing vendors.

FORRESTER RESEARCH
Respondents in a survey of 145 IT decision-makers at North American companies rated offshore providers better than U.S. firms 67% of the time in terms of quality and timeliness.


Nortel, C&W Push New Capabilities on IP Networks

VOIP, global videoconferencing among targets

BY MATT HAMBLEN

IP networks continue to get the attention of vendors looking to use the technology to support advanced functionality such as voice over IP (VOIP) and videoconferencing.

Nortel Networks Ltd. today will announce plans to sell IP voice networking products to telecommunications companies and then help them market services based on the technology to corporate users as well as consumers.

Separately, Cable & Wireless PLC (C&W) last week announced that it’s joining forces with a small IP-based videoconferencing vendor, Wire One Technologies Inc. London-based C&W said it would use its global IP virtual private network (VPN) capabilities to support Glowpoint, a videoconferencing service offered by Hillside, N.J.-based Wire One.

Nortel’s announcement comes at a time when struggling telecommunications carriers need to find new sources of revenue and want to offer their customers services that can help lower networking costs, industry analysts said.

Brampton, Ontario-based Nortel will announce a series of managed services designed to provide businesses, through telecommunications carriers, with the ability to migrate voice networks line by line to VOIP technology and to use Web-based routing and call management tools. The use of VOIP should reduce voice communications costs by up to 25%, Nortel said.

Nortel’s initiative should mean corporate IT managers will see lower costs for IP-based voice connections, said Christin Flynn, an analyst at The Yankee Group in Boston. Many carriers have been involved in IP voice trials and should be ready to invest in deployments of the technology this year, she said.

C&W and Wire One said their deal will give C&W a reliable videoconferencing partner and let Wire One gain a global reach for U.S. companies that want to reliably and inexpensively provide videoconferencing services to business partners and branch offices in other countries.

Summit Partners, a private venture capital firm in Boston, uses Glowpoint to support 12 hours of boardroom videoconferencing between offices in Boston, London and Palo Alto, Calif., each week. Mike Veilleux, junior assistant administrator for networking at Summit, said the partnership between C&W and Wire One could produce an improvement in the London connection, which sometimes has lower quality than the others.

About 10% of all videoconferencing service providers use IP, and IP-based videoconferencing service can cost less than videoconferencing carried over circuit-switched networks, according to Roopam Jain, an analyst at Frost & Sullivan Inc. in San Jose.

Calling Carriers

Nortel’s Succession Service suite for VOIP capabilities over VPNs:

IS DESIGNED to help telecommunications carriers offer corporate users managed VOIP services that can reduce voice communications costs by 25%.

IS BASED on its Succession Communication Server 2000 and Server

INCLUDES services that support line-by-line migrations of corporate voice systems to IP network technology.

ADDS Web-based routing and call management capabilities for IT managers,

ADDITIONAL INFO
To read more on this topic, head online to our Networking Knowledge Center:
QuickLink k1200
www.computerworld.com
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IBM Stops Linux 
On Itanium Project 


IBM has stopped development 
efforts aimed at tuning Linux to 
run on servers based on Intel 
Corp.’s 64-bit Itanium proc- 
essors. A small group of develop- 
ers that was doing the work is 
now focused on tying the open- 
source operating system to IBM's 
own Power4 chip technology. 
IBM has said it will support Intel’s
new Itanium 2 chip in servers but 
has yet to ship such a system. 


CSC, IBM Sign 
J.P. Morgan Deal 


Computer Sciences Corp. (CSC) 
in El Segundo, Calif., announced 
a seven-year deal with IBM un- 
der which the services firm will 
continue to manage some of J.P. 
Morgan Chase & Co.’s servers. 
CSC is one of four vendors that 
had been doing outsourcing work 
for New York-based J.P. Morgan 
Chase, which in December signed 
a $5 billion contract with IBM. 
CSC said its subcontract is ex- 
pected to be worth $500 million. 


BEA Announces 
Upgrade, Purchase 


BEA Systems Inc. released an 
upgrade of its Tuxedo transac- 
tion-processing software that 
adds Web services support and 
tighter integration with the com- 
pany’s WebLogic middleware. 
San Jose-based BEA also said it 
has acquired Redwood Shores, 
Calif.-based CrossLogix Inc., a 
developer of end-user access 
authorization software. Finan- 
cial terms weren't disclosed. 


Short Takes 


MICROSOFT CORP. reissued a 
software patch for Windows NT 
4.0 that was pulled earlier this 
month after users said the secu- 
rity fix was crashing their sys- 
tems. . . . UNISYS CORP. signed a 
10-year outsourcing agreement 
valued at about $450 million 
with London-based Royal & Sun 
Alliance Insurance Group PLC. 





Continued from page 1 


Sun 


helping users pool, share and 
manage heterogeneous server, 
storage and network resources. 


| Sun will also emphasize the 


role of its iForce partner cen- 
ters, where users can test and 
specify their technology re- 


| quirements for Sun to custom- 


configure for them. 

The goal of these efforts is 
to reduce complexity, improve 
utilization and reduce the 
costs associated with deploy- 
ing and managing IT products, 


| Sun CEO Scott McNealy said. 


Sun’s strategy appears to be 
striking a positive chord with 


| some users. 


“We like the idea of dealing 
with vendors who are willing 
to take responsibility for a 
broader spectrum of services,” 
said Jim Stock, CIO of The 
Landrum Co., a Columbia, 


| Mo.-based holding company 


that owns four banks. 

The company moved its 
core financial applications 
from a mainframe to Sun 





NEWS 


servers two years ago, not 
only because the technology 
offered better price/perfor- 
mance, but also because it 
was easy to implement, ac- 
cording to Stock. 

Questerra LLC, a Char- 
lottesville, Va.-based provider 
of mapping services, has stan- 
dardized on Sun servers, stor- 
age and services for running 
its core applications. Sun’s 


| approach of offering more 


integrated technology mod- 
ules is a good one because it 
eliminates the need for com- 
panies to integrate best-of- 
breed technologies them- 
selves, said Tim von Kaenel, 
chief technology officer at 
Questerra. 

“The notion that Sun has of 
integrating all these disparate 
technologies into one plat- 
form allows for computing on 
demand, storage on demand 
and services on demand,” 
Kaenel said. 

Sun’s efforts address a 
growing area of concern for 
large users, said Cathy Hotka, 
former vice president of IT at 


| the National Retail Federation 





and now principal of Cathy 
Hotka & Associates, a Wash- 
ington-based consultancy for 
retail IT operations. 

“The complexity involved in 
making many disparate prod- 
ucts work with one another is 
a major concern” for large 
corporations, Hotka said. 

“Many in the technology 
community have underesti- 
mated the number of kludge 
bridges that end users have to 
create” to make this happen, 
she said. 


Great Expectations 

As a result, there’s growing 
demand from users for more 
modular and interoperable 
products, said Jean Bozman, 
an analyst at Framingham, 
Mass.-based IDC. “The idea 
that systems vendors play a 
role in assisting customers in 


| integrating their technology is 


gaining,” Bozman said. 
Cingular Wireless is testing 
N1 technology in its Alpha- 
retta, Ga., data center as part 
of a move to improve resource 
utilization and management. 
Under a multiphased ap- 


McNealy: ‘Let Us Run the Machines’ 


Sun CEO Scott McNealy last 
week spoke with Computerworld 
editor in chief Maryfran Johnson 
and reporter Jaikumar Vijayan 
about the company’s direction 
and the changing role of ClOs. 
Excerpts from that conversation 
follow: 


How is Sun the systems 

company today going to 

be different five years 

from now? Will it be 

Sun the services com- 

pany? | think we will 

be selling more of our 

products as a subscrip- 

tion. We'll be selling 

more of our products 

through service providers and 

less to end users. And we'll be 

selling our products more inte- 

grated while still integratable. 
There's going to be more stuff 

out there through the open- 

source community or that we'll 

offer through acquisitions. We'll 

have more pieces of the Lego 


blocks that you use to build net- 
work computing. 


You say Sun is out to reduce 
complexity and make data cen- 
ters easier to run. But then you 
say customers should let Sun 
run those data centers 
for them because they're 
so complicated. Aren’t 
those two conflicting 
messages? We're saying 
that if you must have your 
own data center, let us 
run the machines. The 
right answer is to go to 
the Sun Tone service 
provider, who will host the 
machine, put it in their 
data center, connect it to the net- 
work and run it on a 7-by-24 ba- 
sis. Then we'll go to the service 
providers and say, “Let us man- 
age the machines in your switch 
room. You manage the service, 
but just let our person touch 
the machine. That'll be a very 
small percentage of the head 


count in your data center.” 

What BM is saying is, “Let 
us just take the whole thing.” 
They want to do the manage- 
ment consulting, the architec- 
ture, the hosting, the equipment 
purchases, all of it. 


You've spoken about a new 
wave of ClOs. Who are you re- 
ferring to? Sun's Bill Howard is 
an example of a new-wave CIO. 
He understands that his job is not 
managing data centers or the 
network for us. The CIO shouldn't 
be worried about assembling 
computers, or running data cen- 
ters, or managing the network, or 
getting the printing stuff to work. 
So, what does he spend all his 
time doing? He's building a 
world-class LDAP directory reg- 
istry implementation that will 
have every employee, customer, 
reseller, shareholder and piece of 
equipment in the Sun community 
in a directory with a profile for 
each one, across all our business 





www.computerworld.com 


proach, Cingular will use 
Sun’s N1 products to pool 
Unix servers, storage equip- 
ment and network systems 
from multiple vendors and 
share the resources. 

The goal is to get “greater 
value for every IT dollar that 
we spend,” said Victor Nelson, 
vice president of IT at Cingu- 
lar. Eventually, such an inte- 
grated IT infrastructure will 
also provide a base for deliver- 
ing on-demand IT services, 
Nelson said. 

Sun’s strategy is a credible 
one that draws on its strengths 
in the network computing 
arena, said Joyce Becknell, an 
analyst at The Sageza Group 
Inc. in Mountain View, Calif. 
Sun's biggest challenge will be 
to convince users that it can 
really deliver multivendor 
interoperability, even as it 
continues to shun broader 
adoption of Wintel and Linux 
technologies in its own prod- 
uct lines, she said. 

“They’ve got to show that 
they can play nicely with the 
other kids in the sandbox,” 
Becknell said. 


processes. That job alone will 
keep every CIO on the planet 
solely focused on being chief in- 
formation officer. The old-style 
CIOs were all mechanics. They 
tended to buy their 10-speed 
bicycles and pay extra to have 
them unassembled. 


What do you say to the analyst 
community when it makes dire 
predictions about Linux being 
Sun's undoing? They just don’t 
get it. But that’s all right; they 
haven't gotten it for 21 years. If 
I managed the company by ana- 
lysts, we never would have start- 
ed Sun, and I'd have killed Unix 
every year for 21 years. Right 
now, HP and IBM are reading 
the analyst reports saying how 
Linux is going to happen, and 
they're abandoning their Unix 
customers. 


AT GREATER LENGTH 


For an expanded version of this 

interview, visit our Web site: 
QuickLink 36276 
www.computerworld.com 
Merger Wave Hits Energy IT Vendors 

BY THOMAS HOFFMAN 
A recent flurry of mergers be- 
tween energy industry soft- 
ware vendors and IT services 
firms has some technology 
managers worried about the 
potential impact of the deals 
on their companies. 

For instance, Eugene Zimon, 
CIO at NStar, a Boston-based 
utility and energy-distribution 
company, is closely eyeing 
CGI Group Inc.’s plans to ac- 
early 2001, Cognicase bought 
M3i Systems Inc., from which 
NStar had licensed outage 
management software. The 
CGI/Cognicase deal would be 
“the second ownership change 
within a year, which requires a 
lot of new relationship-build- 
ing on our part,” Zimon said. 

Product delivery and sup- 
port of the software developed 
by M3i has improved since 

Cognicase took over that com- 
pany, Zimon said. But, he 
added, the constant changing 
of the guard “continues to be a 
big concern among senior 
management here.” 

Meta Group Inc. last month 
warned that the acquisitions 
might bring greater financial 
stability to vendors but that 
support for some products 
could end if the companies in- 
volved in a merger offer simi- 
lar software. 

For example, Meta analyst 
Rick Nicholson said there’s 
some duplication of products 
between Spokane, Wash.- 
based Itron Inc. and Silicon 
Energy Corp., an Alameda, 
Calif.-based energy manage- 
ment systems vendor that Itron 
agreed to acquire last month. 


Pending Deals 
Itron expects to complete its 
purchase of Silicon Energy this 
month. Meanwhile, CGI last 
month wrapped up a tender 
offer for Cognicase and said it 
had received sales pledges for 
nearly 97% of the stock issued 
by that company, which, like 
CGI, is based in Montreal. 
Two other acquisitions are 
in the works. American Man- 
agement Systems Inc. in Fair- 
fax, Va., signed a deal to sell its 
utility-focused IT consulting 
business unit to Wipro Ltd. in 
Bangalore, India. And Sun- 
Gard Data Systems Inc. in 
Wayne, Pa., plans to buy Cami- 
nus Corp., a New York-based 
vendor of energy-related ap- 
plications, although SunGard 
this month said the U.S. De- 
partment of Justice’s antitrust 
division has asked for more in- 
formation about the deal. 
Kevin Walsh, an IT manager 
at Exelon Power, the electricity- 
generation division of Chica- 
go-based Exelon Corp., said he 
doesn’t use software from the 
vendors involved in the deals. 
But the mergers have him wor- 
ried about the viability of oth- 
er software vendors that target 


energy businesses, he said. 
OPINION 





MARYFRAN JOHNSON 


The ROI Conversation 


“There are many ways to count,” says 
a CFO friend of mine. And what could 
be more true when it comes to mea- 


suring ROI? Those three magic letters 
now embody the myriad ways in which we measure 
IT effectiveness. We are obsessed, in these days of 
budget starvation, with proving that pricey IT proj- 
ects will put meat on the corporate bones. 


This has not only 
spawned another branch 
of IT consulting special- 
ties, complete with elab- 
orate ROI scorecards, 
calculators, benchmarks 
and overengineered 
methodologies. It has 
also reawakened interest 
in applying to IT proj- 
ects a wider array of 
standard financial mea- 
sures such as net present 
value, internal rate of re- 
turn and others. 

“A lot of the best practices in man- 
aging a technology function can be 
stolen from the business playbook,” 
says John McKinley, the departing 
chief technology officer at Merrill 
Lynch [QuickLink 36085]. “Ultimate- 
ly, if you can’t measure it, you can’t 
improve it.” 

So, what are the many ways to 
count the ROI of your IT invest- 
ments? We’ve rounded them up and 
spelled them out in this week’s 
Knowledge Center (“Do the Math!” 
starting on page 21). This in-depth 
guide for CIOs and IT managers 
takes a blow-by-blow look at the 
most popular metrics to consider as 
you hoist your projects onto the 
scales of business judgment. 

We also conducted a survey on 
this topic on Computerworld.com last 
month, and the majority of the 113 re- 
spondents confirmed that they are 
indeed doing ROI analyses regularly 
these days. Yet skepticism about 
these metrics still runs high. “As we 
say in IT,” one CIO quipped, “I don’t 
believe in any numbers I haven’t 
massaged myself.” About half of our 
respondents said they’re 
ambivalent about the use- 
fulness of ROI measures, 
with the majority favor- 
ing the simpler but more 
limited “payback period” 
metric over the more 
complicated financial 
formulas. 

As I read the stories 
(and struggled valiantly 
through the math), I de- 
tected a distinct under- 
current flowing through 
the most successful applications of 
ROI metrics. It was the ROI conver- 
sation. The most important change 
taking place isn’t in the application 
of anybody’s mystical mix of metrics. 
It’s in the discussions taking place 
among the business, financial and IT 
folks as their companies cobble to- 
gether the best approach. 

Those conversations also revealed 
some useful lessons, including: 

Don’t count on any single metric. At Gay- 
lord Entertainment, the CIO uses the 
simpler measure of payback period 
for projects of less than $100,000, but 
he turns to more heavyweight finan- 
cial metrics like discounted cash 
flow for the bigger deals. 

Conserve your ammunition. Don’t 
squander a powerful ROI rundown 
on every project in sight. Save it for 
the top 10% to 20% of your most vi- 
tal initiatives. 

Customize like crazy. Develop your 
own set of metrics, and pull your 
vendor and consulting partners into 
the game. If your suppliers can’t con- 
tribute any hard numbers or sensible 
metrics, you have to wonder, “What 
good are they?” 

Favor simplicity. If it takes more than 
a few weeks to evaluate a project, 
your method is too complex. CIO 
Catherine Kozik at Tellabs factors in 
two years of fully loaded IT costs 
and a few other key measures that 
map to the company’s strategic goals. 
“If you focus just on the ROI calcula- 
tion, then you're playing liar’s pok- 
er,” Kozik points out. “The biggest 
liar is going to win, and that’s ulti- 
mately not a successful business 
practice.” 

Amen to that. 

Let the conversation begin. 
PIMM FOX 


Leaders 
Need Vision 


When Hewlett- 

Packard announces 

its quarterly earn- 
ings later this month, analysts 


and customers will be looking 
for further evidence that the Compaq 
merger is bringing the benefits that 
Carly Fiorina promised when she ag- 
gressively stumped for the deal in the 
fall of 2001. So far the results look 
promising. 

HP surprised Wall Street in the pre- 
vious quarter by reporting a profit of 
12 cents per share during one of the 
most difficult times in history for IT 
vendors. And while consulting revenue 
is off and customer-support revenue is 
flat, there’s evidence that HP’s man- 
aged services and outsourcing opera- 
tions are growing. 

So where’s the 
chorus of praise for 
Fiorina? 

The media pillo- 
ried her — though 
there were some ex- 
ceptions [QuickLink 
23260] — for drag- 
ging HP toward an 
unworkable destiny 
within a decaying in- 
dustry. They lam- 
basted her for being 
blind to the founding vision of William 
Hewlett and David Packard, sacrificing 
jobs and the company’s very existence 
for the purportedly ill-conceived plan 
of combining with Compaq. 

Instead, her strategy is winning out. 
In his recently published book, Perfect 
Enough: Carly Fiorina and the Reinven- 
tion of Hewlett-Packard, George An- 
ders reveals several things about Fiori- 
na and her drive and character that 
should serve as lessons for all would- 
be leaders. 

First, you must have a vision of what 
you want to accomplish. That sounds 
pedestrian, but Walter Hewlett, who 
opposed the merger, misjudged the 
strength of Fiorina’s vision and lacked 
an alternative one — and lost his bat- 
tle with her. 

Second, you must have the commit- 
ment to see your vision through. Fiori- 
na clearly was committed to the merg- 
er. At one point, the investor vote to 
approve the merger hung in the bal- 
ance. It would have been easier for her 
Looking Deeper 
Reaching Farther 


An intelligent network infrastructure featuring 


Cisco routers enhances the value of IT 
investments across the extended enterprise. 


Successful companies run on information. It’s that simple, and this reality 
drives unprecedented demands—and opportunities—for the peop 

wheel of the enterprise network. Consider the case of one Global 100 
manufacturer: With four technical assistance centers, a dozen regional 


offices, and more than 300 independent dealerships across the U.S., 


simple feat to keep the bits flowing. 


Yet flow they do, and not just in the form of data. By deploying 
high-performance, feature-rich Cisco routers at key sites, the company was 
able to extend IP telephony services securely across its wide-area network. 
As a result, they cut the cost of calls to the technical assistance centers by 
eliminating the need for separate phone services, increased employee 
productivity by reducing the amount of time spent searching for information, 


and improved customer service by ensuring everyone is up-to-speed on 


products and services. 


Is it the Network, or the Application? Yes. Because the applications 
that are transforming business today are completely reliant on the 
enterprise network. By investing in an intelligent network infrastructure, 
companies create a highly secure, robust foundation for any number of 
applications, and even help improve performance of those applications 
for users throughout the company. And that allows them to reap a 


greater return on countless IT investments—past, present, and future. 


These days, it’s hard to distinguish the network from 
the company. If one stops working, so does the other. 
Networks based on equipment from Cisco 
Systems offer unsurpassed availability, and, just as 
importantly, unsurpassed resilience in the face of 
interruptions. 


To maintain productivity—and by extension, 
profitability—networks must be available all the time, 
providing employees with global, around-the-clock 
access to business applications and information 
while ensuring appropriate internet access. 


And since a network is only as reliable as its 
weakest link, all segments must be resilient enough 
to immediately bounce back from unexpected 
connection, component, or power failures. 


To some extent, availability depends on the overall 
design of the network. In many cases, companies will 
deploy dual routers with the Hot Standby Routing 
Protocol that Cisco pioneered, enabling one device to 
seamlessly take over if the other one fails. 


But availability also hinges on the design of the 
individual routers themselves. That's why Cisco builds 
layers of redundancy and resiliency into the hard- 
ware, from backup processors and power supplies to 
hot-swappable line cards. 


Such safeguards work in tandem with Cisco IOS 
Software features, including several recent enhance- 
ments collectively known as Globally Resilient IP, or 
GRIP. Cisco Nonstop Forwarding with Stateful 
Switchover, for example, enables a router's primary 
and backup processors to synchronize state 
information. That way, if a hardware or software 
problem knocks out the primary processor, the 
backup processor will pick up where it left off, 
without needing to reboot the system or line cards, 
and without losing a single data packet. 


And because Cisco IOS Software runs from the 
enterprise backbone to the outermost reaches of the 
WAN, these capabilities can increase the availability 
of every segment of your network, and increase the 
productivity of every branch of your company. 
Advanced Quality of Service 


Imagine a city with wide roads and plenty of lanes, 
but no traffic lights. Things might flow smoothly 
enough at 3 a.m., but come rush hour, the resulting 
free-for-all would inevitably leave some motorists 
stranded in gridlock. 


On the highways and byways of corporate networks, 
quality of service, or QoS, brings order and control 
to the bare asphalt of bandwidth. By prioritizing traf- 
fic, QoS ensures your most important applications 
and users get the bandwidth they need. For exam- 
ple, even slight delays in IP voice traffic will impact 
sound quality. But if an e-mail gets held up for a few 
seconds, no one will know the difference. So instead 
of just letting these applications compete for band- 
width, QoS mechanisms step in to direct traffic, wav- 
ing voice and video packets through while the e-mail 
momentarily waits behind metering lights. 


By establishing priorities and policies that recognize 
such distinctions, companies can better meet the 
needs of all users and applications. The alternative 
is to blindly throw more bandwidth at every 
performance problem that comes along, an unrealis- 
tic expectation in these tough economic times. QoS 
tools provided by Cisco Systems allow our customers 
to meet the business requirement to do more with less. 


An intelligent infrastructure based on Cisco switches 
and routers provides a level of QoS sophistication 
that is simply unmatched in the industry. To provide 
true end-to-end QoS, Cisco routers classify and 
mark both inbound and outbound data packets, 
inserting tags that tell other network devices how 
traffic should be handled. As packets move across 
the network, policing and shaping mechanisms 
regulate the flow of traffic to ensure policies and 
priorities are enforced. 


At the first sign of bottlenecks, congestion avoidance 
features take active steps to clear the way for the 
most vital data. Weighted Random Early Detection, 
for example, selectively drops packets based on IP 
precedence to keep high-priority traffic flowing. 


At the same time, advanced QoS features lend 
networks greater flexibility, making it easy to adjust 
to changing requirements and priorities. So easy, 
in fact, that policies can shift according to time of 
day, accommodating different business needs and 
patterns of network usage. 


When you deploy Cisco high-performance routers, you enable the 
intelligent movement of information across the WAN, seamlessly and 
securely linking multiple networks. IP communications, optimized content 
and application delivery, and embedded security features ensure you can 
safely deploy Internet business solutions such as e-learning, executive com- 


munications, customer relationship management applications, and more. 


These solutions can be extended to local, remote, or even mobile workers, 
increasing the overall value of technology. You can create tighter feedback 
loops, reduce transaction costs, and make more informed decisions on a 


global level, making your company more productive and profitable. 


For many organizations, the return on investment can be quite rapid. As 
Colonel Bill Hose of the Minnesota National Guard noted after deploying 
telephony over a Cisco intelligent infrastructure, “We’re planning to 
expand our multimedia collaboration applications like videoconferencing, and 
with the money we save on telecommunications bills and network 
administration, we can also afford to put more money into ith for 


our end users.” 


Understanding and Managing the Data on Your Network. Through 
the combination of high-performance routers and multilayer LAN switches, 
an intelligent infrastructure is able to utilize not only the Layer 2 header 
information attached to every data packet, but also Layer 3 IP address 
information, Layer 4 port information, even Layer 5 through 7 content 


and user information. 


Cisco's portfolio of routers—including the Cisco 7200, 7300, 
7400, 7500, and 7600 series routers pictured above—provides 
the flexibility, versatility, scalability, and feature richness to 
enable new applications and services. 
Cisco’s portfolio of routers—including the Cisco 
SOHO, 800, 2600XM, 1700, and 3700 series 
routers pictured above—offers companies the 
ability to deploy advanced applications 
throughout their networks. 

By looking deeper into 
streams of data, an intelligent 
infrastructure gains a more 
complete understanding of all 
the traffic flowing through 
and between networks. It can 
classify and mark traffic 
based on users and applica- 
tions, and then use this infor- 
mation to carry out whatever 
policies and guidelines you set. 

You can establish priorities, 
control and conserve band- 
width, and manage access to optimize employee productivity and to suit 
the unique needs of your company. You can adapt to changing require- 
ments, from a routine shifting of priorities based on time of day to the 
deployment of new applications across the LAN and WAN. And you can 
extend robust, secure network services to partners, suppliers, customers, 
and employees anywhere in the world. 


Improving Productivity — The emergence of this global, scalable 
approach to networking comes at an opportune time. Over the past 
several years, network-enabled applications have emerged as the leading driver 
of corporate productivity. At the same time, they’ve reduced the cost of 
doing business. In a study sponsored by Cisco Systems, researchers at the 
University of California at Berkeley, The Brookings Institution, and 
Momentum Research Group last year estimated that the adoption of 
Internet business solutions had yielded cumulative savings of $155 billion 
in the U.S. alone. They projected an additional $373 billion in future cost 


savings, most of it to be realized by 2005. 


Yet many organizations lack the network infrastructure to make the most 
of their existing applications, much less future ones. One reason is that 
access to these applications frequently does not extend beyond the walls 


of corporate headquarters, despite the fact that an estimated 42 percent of 


enterprise employees work out of remote locations. 


An intelligent network infrastructure provides everyone with the resources 
to do their jobs more efficiently and effectively. Applications can be 
securely extended out from headquarters routers to any location with 
intelligent, high-performance WAN aggregation routers which connect to 
access routers across the enterprise, linking branch offices, mobile 
workers, partners, suppliers, and customers in a seamless network. 


Integrated Security 


These days, it takes a lot more than a firewall to 
protect corporate networks. 


After all, access is rapidly being extended beyond 
traditional corporate boundaries to branch offices, 
mobile workers, partners, suppliers, and customers. 
And that's a good thing, since it allows companies 
to do business more quickly and efficiently than 
ever. But it also opens up new risks, both internally 
and externally. 


Cisco integrated security solutions provide the 
industry's most comprehensive and scalable 
safeguards, enabling you to protect productivity 
gains and reduce network operating costs from the 
head office to the branch office and beyond. 


It starts with the Cisco SAFE Blueprint, which 
simplifies all aspects of security design and rollout. 
Whether you're reinforcing the entire network at 
once or taking incremental steps, SAFE serves as a 
guide to best practices in enterprise networks, 
focusing on expected threats and methods of 
mitigation, rather than specific topologies. It's a 
flexible, dynamic strategy for implementing multiple 
layers of defense, so the failure of one system will 
not be likely to compromise network security overall. 


By the same token, the array of security features 
integrated into Cisco routers gives you the choice 
of implementing whatever levels of protection 
measures they need, wherever they need them. 
Integrated AAA services (Authentication, 
Authorization, and Accounting), virtual private net- 
work services, intrusion detection systems, content 
filtering, and stateful firewalls are all available to 
keep data safe as it moves through and between 
networks—without impacting performance. 


In a study released last year, the FBI and the 
Computer Security Institute surveyed 503 U.S. com- 
puter security practitioners in the public and private 
sectors, and found that 90 percent had detected 
security breaches within the previous 12 months. 


The most commonly reported problems included 
employee abuses of network resources, system pen- 
etration by hackers, and denial-of-service attacks. 
Any of these issues would be alarming, but together 
they demonstrate the range of threats companies 
face today, and show why no single point of defense 
is enough. 


Integrated security is a hallmark of all Cisco 
products, from the switches and routers that form 
an intelligent network infrastructure, to Cisco PIX 
Firewalls, VPN Concentrators, Intrusion Detection 
appliances, IP phones, and wireless access points. 
That level of protection should be reassuring to 
employees, partners, and customers alike. 
The Answer is Cisco— As the worldwide leader in networking for the 
Internet, Cisco offers the industry’s largest and most versatile portfolio of 
routers to suit every need, from the home office to the branch office to 


the enterprise campus. Modular designs allow you to expand network 


services incrementally as new needs and opportunities arise. 


Integrated features such as virtual private network services, firewalls, 
intrusion detection systems, content delivery, survivable remote site 
telephony, inline power, and low-density switching allow you to confidently 
deploy the most demanding solutions, including converged data, voice, 


and video applications. 


Cisco routers also offer a unique level of investment protection. Cisco 
Systems devotes approximately 18 percent of sales to R&D, giving our 
engineers unmatched resources to build upon established products and 
technologies. Take Cisco IOS Software, for example, the operating sys- 
tem that unifies all Cisco routers and switches and provides most of the 
intelligence in the network. At this very moment, 1,200 people are work- 
ing to enhance and expand the capabilities that have made it a pillar of 


networks the world over. 


By designing products with the future in mind, Cisco offers the best value 
over the long term. New features and functionality can be incorporated 
as needs change and technologies evolve, which lowers the total cost of 
ownership by saving you the expense of replacing something that won’t 


be supported a year or two down the road. 


And at Cisco, support means much more than simply providing hardware 
and software. As Fortune magazine recently observed, “Whenever there is 
a problem big or small, the folks running the networks in corporations 


know they can call Cisco.” 


That peace of mind might not be your only motive for building an intelli 
gent infrastructure with Cisco routers and switches, but it’s a surefire sign 


of an intelligent investment. 
Learn how Cisco routers can offer 
your company a greater return on its 
investments in technology. 


ert Manageability 


While an intelligent infrastructure offers powerful 
benefits, managing something so sophisticated 
can sound overwhelming, particularly to a harried 
IT department. But with the right tools, you can 
actually simplify most administrative tasks even as 
you gain greater control over network resources. 


Cisco Systems provides those tools, ensuring you 
can capture all the benefits of an intelligent net- 
work infrastructure, without having to be an expert 
on every feature and capability. 


One reason is that Cisco IOS Software unifies all 
Cisco switches, routers, and other devices, creat- 
ing a network that is inherently more manageable 
and providing a rich source of data to help 
optimize network operations. 


Drawing on that rich IOS data and unmatched 
industry expertise, Cisco has built best practices 
into the CiscoWorks family of Web-based network 
management tools, helping you to streamline 
management tasks and secure your network from 
end to end. 


CiscoWorks templates and wizards simplify and 
automate complex configurations to help you 
implement security policies, use QoS to prioritize 
traffic for IP telephony or other time-sensitive 
applications, and manage a range of other opera- 
tions. These tools also help prevent human 
errors—mistakes that can open holes in security 
or even bring down the network, cutting into your 
company’s profits. 


If a problem does occur, you won't be caught off 
guard. A properly managed intelligent infrastructure 
continually monitors for faults, and can even spot 
deteriorating conditions before they get out of 
hand, providing a safety net for your business. 


CiscoWorks management applications give you the 
visibility to monitor the impact of the network policies 
and priorities you establish, and the flexibility to 
fine-tune things as you go along, and add new 
technology as your needs change and the network 
grows. As a result, you can get more out of your 
business applications today, and also do a better 
job of planning for the future. 


If that sounds like good news just for the IT 
department, consider this: It's been estimated that 
for every dollar a company spends on new tech- 
nology, it can spend another four trying to make it 
work. So it stands to reason that the better you're 
managing your network, the better you're manag- 
ing your business. 
if she had presented an alternative for 
HP if the deal was voted down. Ac- 
cording to Anders, she never did be- 
cause “she wanted to project constant 
certainty that the HP-Compaq merger 
was the right choice for the company 
and that she was confident most 
shareholders would agree in due 
time.” Any inkling she wasn’t con- 
vinced would have hurt her cause. 

The same is true of any leader who 
tries to engage and motivate people to 
follow a difficult or unpopular route. 
It’s wiser to show courage and deter- 
mination to achieve a specific goal 
than to set out distracting alternatives 
or a Plan B. 

Of course, vision has to be thought 
out and responsive to market changes, 
but wavering in front of the very 
people who look to you for leadership 
— no matter how touchy-feely the 
management books tell you to be — 
doesn’t inspire respect. And it certain- 
ly won’t help your results. 


DAVID MOSCHELLA 


War Results 
Are Key to 
IT's Future 


It’s wintertime, and 

the only thing growing is 

the number of IT spend- 
ing forecasts. Goldman Sachs 


and Meta Group say our in- 
dustry is shrinking; IDC, Gartner and 
Forrester expect modest growth. Of 
course, no one really knows. 

Most of these projections are based 
on surveys of people like you. And 
since you don’t know how much you 
will actually spend this year, how can 
they? At best, spending forecasts re- 
flect the range of current business sen- 
timents. But these sentiments can 
change quickly, depending on how the 
year develops. And during 2003, there 
will be only one factor that ultimately 
matters: war. 

Even today, many free-market pro- 
ponents are reluctant to acknowledge 
the fact that it took World War II to fi- 
nally end the Great Depression and 
create the long U.S. boom of the 1950s 
and ’60s. Conversely, anyone over 40 
surely remembers how America’s dis- 
astrous experience in Vietnam con- 
tributed to the pessimism, anxiety and 
stagflation of the late 1970s. Experts 
predicted that the best days of the U.S. 
had passed and that Japan and Ger- 




many would become the 
world’s new economic lead- 
ers. Ronald Reagan became 
president by explicitly re- 
jecting this message. 

Given this history, it has 
always surprised me how 
few connections have been 
drawn between the last 
Gulf War, which ended in 
February 1991, and the long 
U.S. economic boom that 
began in 1992. America’s 
surprisingly easy victory 
was particularly important 
to the IT industry, since it 
demonstrated to the entire 
world the power of ad- 
vanced technology. Looking back, it 
was the economic decline of Japan, the 
renewed confidence in modern, most- 
ly U.S. technology, and the emergence 
of the Internet between 1993 and 1995 
that sent the U.S. economy and the IT 
sector into overdrive. 

Today, another war is increasingly 
likely and will also prove pivotal. Even 


more than the dot-com 
bust and sickening cor- 
porate scandals, it’s the 
threat of terrorism, the 
risks of war and the grow- 
ing anti-Americanism in 
many corners of the world 
that are weighing down the 
IT marketplace. Thus, until 
we know whether interna- 
tional events are about to 
get better or worse, we 
can’t possibly know which 
way our industry is head- 
ed. And although the im- 
pact of these events upon 
IT spending is among the 
least of our concerns, that
doesn’t mean their effects are any
less real.

Clearly, many of us have different 
views about Iraq and the wider war on 
terrorism. But there’s little doubt that 
unless major new terrorist attacks are 
avoided and the Iraq (and possibly 
North Korean) situation is resolved in 
a way that satisfies both the U.S. and 
most of the rest of the world, a strong
2003-04 IT market recovery won’t 
happen. And should any of these situa- 
tions turn out badly, their impact upon 
our industry will likely be severe. 
American-led interventions in Kuwait, 
Bosnia, Kosovo and Afghanistan have 
gone much better than most people 
expected; we can only hope this will 
continue. 

The IT industry today doesn’t need
Tablet PCs, Linux, Web services or
wireless LANs. It needs confidence in
the future. This is essential for the
risk-taking and long-term investment
that a healthy IT business requires.
Unfortunately, such confidence is all
but impossible in the current environ-
ment of fear and looming hostilities. A
real recovery will have to wait for
more peaceful times. Let’s hope they
return again soon.


WANT OUR OPINION? 


More columnists and links to archives of previous 
columns are on our Web site 
www.computerworld.com/columns 
Contracts Depend on Relationships


MANY OF US have seen a rela-
tionship-threatening issue
arise as a result of contract inter-
pretation, despite the best inten-
tions on both sides [“ROI or Your
Money Back,” QuickLink 35982].

ROI is based on input from both
parties and on projections about the
future. ROI-based payment con-
tracts are complex and can require
a labyrinth of terms and conditions
to protect both sides from subjec-
tive interpretations and changes in
the business environment that in-
validate the ROI assumptions.

A good guideline is to embed as
few variables as possible and tie
performance-based payment to
verifiable metrics that underlie the
ROI. Although tying payment to ROI
is desirable, it’s far from a panacea.
Ultimately, a performance-based
contract depends on a quality rela-
tionship and the integrity of both
sides. If those are present, then the
measurement process will validate
that relationship, but in many cases
it will merely test the relationship -
with the consequent legal fees.
George Blanck
Senior architect, x40
Associates Inc., New York,
gsblanck@nyc.rr.com


What Silver Lining?


WOW, IT’S GREAT that there’s
a silver lining to outsourcing.
I thought we had to be worried that
Americans wouldn't be able to do
programming and engineering any-
more. Instead I find out from Mary-
fran Johnson's editorial “Your Out-
sourced Future” [QuickLink 36001]
that former IT workers will all get to
be executives and project man-
agers. When do we start? After all,
there must be lots of executive jobs
available at the great American
companies that have shown they
are eager to hire Americans.
Linda Evans
Matthews, N.C.


I WOULDN'T ENTRUST a remote
third party with trade secrets and
client records. Instead, we should
outsource the higher-level deal-
making and schmoozing, which are
more generic and replaceable.
Chris Clement
Palm Harbor, Fla.





Abuse of H-1B Visa System Is Rampant


I SUSPECT THERE ARE several
reasons why IT and engineering
professionals object to the H-1B
program, as implemented [Quick-
Link 36047]. The program was os-
tensibly designed to meet technical
service needs and fill shortages.
What actually happens is that H-1B
workers with the same skills as
many out-of-work U.S. workers are
brought in for the purpose of bid-
ding down contracting rates and
salaries and making quick profits.

In the U.S., people from the same
countries as the H-1B workers abuse
and cheat them, paying them far less
than half of the gross billing and hold-
ing them hostage by taking away
their passports and return tickets.
Even when they find out what's be-
ing done to them, these well-educat-
ed, competent and honest profes-
sionals often feel powerless and
continue to accept these conditions
as preferable to deportation.

Maybe it’s time for all profession-
al and technical service firms to en-
gage in full disclosure and an-
nounce billing rates and consul-
tant/contractor compensation to
clients and workers. The more ethi-
cal firms already do that, and in so
doing earn the respect and loyalty
of their clients and consultants.
Charles H. Collins Jr.
IT consultant, Ledgewood, N.J.





Apps Not at Fault 


I WAS VERY DISAPPOINTED with
the premise of the Jan. 27 article
“Asset Management Projects
Falling Short” [QuickLink 35867],
that packaged asset management
software is somehow to blame for
failing asset management pro-
grams. Much of the advice was
sound — process is important, as
are frequent audits - but you didn’t
illuminate the real causes of failed
projects: trying to do too much with
the wrong tools, and not taking a
deliberate, phased approach.
Ted Jastrzembski
President, Tally Systems
Corp., Lebanon, N.H.


Editor’s note: The writer's com-
pany is an asset management soft-
ware vendor.


COMPUTERWORLD welcomes 
comments from its readers. Letters 
will be edited for brevity and clarity. 
They should be addressed to Letters, 
Computerworld, PO Box 9171, 500 
Old Connecticut Path, Framingham, 
Mass. 01701. Fax: (508) 879-4843. 
E-mail: letters@computerworld.com. 
Include an address and phone num- 
ber for immediate verification. 


More letters on these and other 
topics are on our Web site: 


.com/letters 
The Next Chapter

It may be time to dig out your old finance
textbooks, says one pundit. Others predict that
Wall Street analysts will start monitoring
corporate IT investments and that CIOs will
find their compensation linked to delivering
ROI. Page 43


Where ROI Models Fail

ROI models such as net present value are
effective in helping CIOs cost-justify IT
investments to top brass, but they come up
short in measuring “soft” benefits such as
the impact on sales, customer service or
employee productivity. Page 38





EDITOR’S NOTE 


do return-on-investment calculations is
business malpractice. And I’ve heard the
argument that they’re a waste of time. The
truth is more complicated, of course.

As a general rule, major IT investments
should go through the ROI wringer just
like any other business investment — even
more so, because IT investments have a
tarnished history. One side benefit to ROI
scrutiny is that it can kill off pet projects
that need to be stopped, like the customer
relationship management initiative
launched because the marketing vice pres-
ident is a golf buddy of a guy at Siebel.

Doing the math is especially important
for projects that have million-dollar price
tags. On the other hand, it may be overkill
for projects so small that the ROI exercise
would be more expensive than the project
itself. Even ROI calculations need an ROI.

And sometimes, an IT project would de-
liver such a mind-blowing competitive ad-
vantage that crunching the numbers seems
unnecessary. There’s a chance that we’re
killing off revolutionary IT ideas with to-
day’s relentless focus on the 12-month
payback.

I’m inclined to agree with John Jordan, a
big thinker at Cap Gemini Ernst & Young,
who predicts that there will be a middle
ground between what he calls the “just do
it” and the “by the book” ends of the spec-
trum. “This middle ground will still re-
quire sound business cases,” he says, “but
they'll incorporate a mix of common sense,
professional judgment, quantitative model-
ing and strategic perspective.”

Mitch Betts (mitch_betts@computerworld.com)
is director of Computerworld’s
Knowledge Centers.


A CIO’s guide to the strengths and weaknesses
of ROI calculations.
CIOs who do
the ROI math
have some tips
for making the
task easier and
more beneficial.
By Johanna
Ambrosio

THEIR METHODS MAY VARY,
but IT executives who cal-
culate return on investment
before launching major
technology projects say they
reap benefits that make do-
ing the math worthwhile.

The most obvious payoff is getting
resources to do the job, but the ROI
process also forces IT to explain to
corporate management what’s going
on. This can provide buy-in for a par-
ticular project. It also enforces two-
way communication between the CIO
and other company executives about
IT’s overall role in the company.

Here’s what four IT executives say
about the benefits and lessons learned
from their ROI calculations.


Factor in Business Goals 


Just about all the IT executives inter- 
viewed for this article agreed that us- 
ing a single ROI model isn’t enough to 
justify an expensive technology buy. 

“Anybody can play with the numbers 
and make an investment look attrac- 
tive,” says Steve Brown, CIO at Carlson 
Companies Inc. The Minneapolis- 
based travel conglomerate and parent 
of Radisson Hotels, among other 
brands, recently enacted a more strin- 
gent set of guidelines for IT projects. 
To get approval, IT projects have to add 
to top-line revenue growth or profit, re- 
duce costs, create or strengthen the ex- 
isting brand image or mitigate a risk. 
The guidelines help the company steer 
clear of bad investments and maximize 
the investments it does make. 

“Each measurement is something 
important to a specific business unit or 
to the company to help us grow,” says 
Brown. “As conditions change, we can 
measure the effect of the changes in 
each business unit’s quarterly results. 
So if something changes in the busi- 
ness, we can tie it back to our strategy 
— it’s not a lagging indicator.” 
Look Beyond Financials

But where Carlson turned to a stricter 
approach to ROI, Catherine Kozik, CIO 
at bandwidth services provider Tellabs 
Inc. in Naperville, Ill., went the other 
direction. “We do simple math,” she 
explains. “We look at the fully loaded 
costs for the first two years — imple- 
mentation costs, people and acquiring 
skills. But there’s a limitation to the ac-
curacy of the data in many ROI mod-
els, so what’s the point? If you’re mak- 
ing up numbers to begin with, it’s not 
really going to help you” decide 
whether an IT project makes sense. 

So instead of a financial-only ROI 
process, Kozik’s group looks at many 
factors as part of its overall evaluation 
of any new technology. First is how 
mature the technology is and whether 
it represents a continuation of the 
company’s existing skill set or a totally 
new direction. 

Kozik’s group also looks at the mar- 
ket position of the vendor — not its 
financial strength — she says, because 
in a down market, many technology 
providers are struggling. Instead, she 
figures, if the product or service has 
the lion’s share of its market, it will 
continue to be offered, even if the ven- 
dor is ultimately acquired by another. 

The last step is viewing the project in 
the context of the firm’s overall strate- 
gy. “Not the written strategy or whatev- 
er people are paying lip service to, but 
the things that are really important to 
the executive team,” Kozik says. “I con- 
sider it my No. 1 job to keep in touch 
with what’s going on at that level.” 

After all these factors are gathered 
and given a numerical weight — costs, 
skill sets, market position of the ven- 
dor and how the project fits with 
Tellabs’ overall strategy — the IT team 
assigns the pending project an assess- 
ment number. The lower the number, 
the more risky the project and the 
more iffy its likelihood of success. 

All told, the entire ROI process takes 
only about two weeks at most. “We 
don’t want to overengineer the proc- 
ess, because then people would walk 
away,” Kozik explains. 


Save ROI for Big Projects


La-Z-Boy Inc., a furniture maker in
Monroe, Mich., takes a different ap-
proach. There, ROI analyses are done
only for “major” IT projects — those
over a certain dollar amount that Gary
Clark, director of corporate IT ser-
vices, declines to specify. He says that
perhaps 10% to 20% of all IT projects
are put under a sharp financial micro-
scope, but those projects represent a
majority of the IT budget.

Clark echoed a sentiment heard
from other CIOs: Because of the time
and resources required to do any type
of major financial analysis of new tech-
nology, many shops reserve a truly
in-depth ROI process for their biggest-
ticket or highest-impact strategic ini-
tiatives. Adding more PCs or storage to
existing systems is hardly worth the ef-
fort in most cases; those kinds of ex-
penditures typically come out of the
operations budget.

La-Z-Boy looks at any projects that
are subject to ROI analysis for how
much the initiatives will cost in terms
of ongoing maintenance fees, as well as
for net present value. The net present
value method essentially figures out
how much the project’s future net cash
flow will be worth in today’s dollars.
That amount is then compared with
the amount of money needed to imple-
ment the project.

Even for technology projects, calcu-
lating ROI isn’t necessarily an IT-only
endeavor. Business users and/or finan-
cial people may gather the data and
work on some of the analyses for the
largest projects. As Clark says, “It’s not
our expertise to understand what a
CRM package is going to bring to the
company; the business unit is the one
that knows. So they’re doing the ROI
on that the data.”


Work With the Finance Folks


At General Motors Corp., IT staffers
work closely with the financial organi-
zation to do ROI analyses, says Tony
Scott, chief technology officer at the
automotive giant. “The financial orga-
nization has a formal ROI calculator —
what we’re replacing, current costs,
future costs, transition costs and other
metrics,” he says.

Where this model isn’t as helpful is
when technology is being used to do
something completely new. “If we have
a new business venture, there’s nothing
to compare it against” — no historical
trends or costs, Scott says. This is where
it’s crucial to align organizational objec-
tives, he explains. It becomes a lot easi-
er to justify something when you can
show that it will grow customer reten-
tion by 15%, because that benefit is al-
ready well tracked and well understood.

One key ROI metric is time spent or
saved, and GM has used technology to
help reduce the time it takes to devel-
op a new car from 48 months to 18.

Both complicating and helping mat-
ters is GM’s organizational chart.
Within IT, there are CIOs responsible
for overall IT profit and loss (P&L)
within a given geographic region. Then
there are PIOs, or process information
officers, who are responsible for spe-
cific horizontal applications across all
geographic regions — manufacturing
or finance, for instance.

“There’s a natural tension between
PIOs, who want to drive new applica-
tions, and CIOs, who want to optimize
P&L for their region,” Scott says.
“There are interesting discussions
about what’s the right thing to do at
any intersection of that matrix.” One
result, though, is that “it’s hard to pull
the wool over anyone’s eyes — you
have to make a business case in each
geographic region” for any major new
technology initiative, he says.

As Tellabs’ Kozik explains, “If you
focus just on the ROI calculation, then
you’re playing liar’s poker. The biggest
liar is going to win, and that’s ultimate-
ly not a successful business practice.
So we have to get back to what we’re
trying to achieve: value to our custo-
mers and shareholders. Our justifica-
tion process makes sure we’re working
on the right things for the business.”

Ambrosio is a freelance writer in
Marlboro, Mass. Contact her at
jambrosio@earthlink.net.


DO’S AND DON’TS


DO CREATE an ROI document that ex-
plains what you're pitching and why, and
what the different options are. Use visual
aids to help explain the technology you're
proposing.

DO USE ROI within a broader context -
with a balanced scorecard, for instance -
to know where all your IT projects stand
relative to one another.

DO JUSTIFY IT expenditures in terms
of how they'll make the company more
successful.

DON'T CONDUCT an in-depth ROI analy-
sis for every project; it takes time to do it
properly, so save it for your major expendi-
tures or key initiatives.

DON'T FORGET to figure the level of risk
for a particular project. If you're proposing
several high-risk projects at the same
time, you're probably setting yourself up
for failure.

DON'T NEGLECT to revamp your ROI
process every year or two. Like any other
process, it needs to keep up with company,
competitive and global economic changes.


Tough Task


It's helpful to remember why ROI is
done in the first place: to get the dollars
needed for IT, certainly, but more im-
portant, for IT to help the business
achieve its objectives.

The jury has been out for years about
IT's role in enabling productivity. A No-
vember 2002 report by McKinsey & Co.
says IT's impact over the past decade
has been “diverse and complex, de-
pending on when, where and how it has
been deployed.”

Indeed, the report singles out only
three sectors where IT has had a quan-
tifiable impact on productivity: semicon-
ductors, retail and financial services.

Just as there is no silver bullet in
terms of IT's financial impact, there is
no single answer regarding how to
measure technology-related ROI and
what to include in that assessment.
Expectations for IT's ROI can and have
changed, based on the economic cir-
cumstances and corporate culture.

Erik Brynjolfsson, a management
professor at MIT's Sloan School of
Management who specializes in IT ef-
fectiveness, says that “unfortunately,
many worthy projects are not getting
funding” right now. “After being burned
by vague promises in the past, CFOs
have become highly skeptical” of the
promises of IT's soft benefits and are
insisting on hard, tangible returns for
each investment, he notes.

“While a bit of this is healthy,” Bryn-
jolfsson says, “my research shows that
up to 90% of the costs and benefits of
IT investments are in intangibles. Firms
that ignore this fact risk sacrificing their
long-term growth to make their short-
term numbers. Striking the right bal-
ance requires a fair assessment of both
tangibles and intangibles.”

- Johanna Ambrosio





THE CARLSON WAY 


For more on CIO Steve Brown's approach to ROI, 
including how a possible war with Iraq might factor 
into his analysis, read the full Q&A 
QuickLink 35952 
www.computerworld.com 





Payback Period


It’s quick, easy, popular — and
incomplete. By Gary H. Anthes


DEFINITION: An investment’s payback period in years is equal to the net invest-
ment amount divided by the average annual cash flow from the investment.


STRENGTHS: It’s easy to compute, easy to understand and provides some indi- 
cation of risk by separating long-term projects from short-term projects. 


WEAKNESSES: It doesn’t measure profitability, doesn’t account for the time 
value of money and ignores financial performance after the break-even period. 





PAYBACK PERIOD is the most
widely used measure for
evaluating potential invest-
ments. Its use increases in
tough economic times,
when CIOs are apt to say
things like, “We won’t even consider
a project that has more than a 24-
month payback.”

For those IT managers, projected
cost savings or revenue enhancements
resulting from the project would have
to equal or exceed the upfront invest-
ment within two years for the project
to win approval.

“We start with payback period,” says
Ron Fijalkowski, CIO at Strategic Dis-
tribution Inc. in Bensalem, Pa. “For
sure, if the payback period is over 36
months, it’s not going to get approved.
But our rule of thumb is we'd like to
see 24 months. And if it’s close to 12,
it’s probably a no-brainer.”

Payback period has the virtue of
being easy to compute and easy to
understand. But that very simplicity
carries weaknesses with it. Payback
period says nothing about how the
investment performs after the break-
even period.

Consider the two examples of $1 mil-
lion projects shown in the chart at right.
A bank can spend $1 million on server
consolidations and save one-third that
amount in each of the following three
years on reduced license fees, telecom-
munications costs and systems admin-
istration labor. Or it could spend the
same amount to install ATMs, elimi-
nate four teller positions and save
$250,000 per year indefinitely.





Which is a better investment? Pay- 
back analysis clearly favors the server 
consolidation, which recoups its in- 
vestment a year earlier than the ATM 
project. But the ATM project goes on 
to produce returns after three years 
and is therefore a better long-term 
investment. In fact, the server project 
isn’t even profitable. 

“Payback gives you an answer 
that tells you a bit about the be- 
ginning stage of a project, but it 
doesn’t tell you much about the 
full lifetime of the project,” says 
Chris Gardner, a co-founder of iValue 
LLC, an IT valuation consultancy in 
Barrington, Ill. 

But payback period’s emphasis on 
the short term has a special appeal 
for IT managers. “That’s because the 
history of IT projects that take longer 
than three years is disastrous,” says 
Gardner. 

Indeed, Ian Campbell, chief research 
officer at Nucleus Research Inc. in 
Wellesley, Mass., says payback period 
is an absolutely essential metric for 
evaluating IT projects — even more 
important than discounted cash flow —
because it spotlights the risks inherent 
in lengthy IT projects. “It should be a 
hard and fast rule to never take an IT 
project with a payback period greater 
than three years, unless it’s an infra- 
structure project you can’t do without,” 
Campbell says. 

Of course it’s possible to consider 
payback period in concert with other, 
more sophisticated measures. Payback 
period may be a good way to quickly 
size up a portfolio of projects and win- 
now it down to a few that merit more 
careful scrutiny with, for example, dis- 
counted cash flow. 

The simplicity of computing pay-
back may encourage sloppiness,
especially the failure to include
all costs associated with an in-
vestment, such as training, main-
tenance and hardware upgrade
costs, says Douglas Emond, senior vice
president and chief technology officer
at Eastern Bank in Lynn, Mass. For ex-
ample, he says, “you may be bringing
in a hot new technology, but uh-oh,
after implementation you realize you
need a .Net guru in-house, and you
don’t have one.”





PAYBACK RESOURCES


Links to more tutorials on payback calculations 
are available at: 
QuickLink 36052 
www.computerworld.com 


PAYBACK PERIOD: What It Looks Like


Server consolidation
Investment: $1 million
Total: $1 million
Payback period: 3 years


ATM installation
Investment: $1 million
Year 1: $250,000
Year 2: $250,000
Year 3: $250,000
Year 4: $250,000
Year 5: $250,000
Total: $1.25 million
Payback period: 4 years


A payback calculation answers the question: How long will it take to get my
money back? But it doesn’t tell you much about the investment after the break- 
even point. In this example, a bank can spend $1 million on server consolidation 
and recoup its costs in three years. Or the bank could spend the same amount on 
ATMs and recoup its costs in four years. The server project is the payback winner, 
but the ATM project saves $250,000 per year indefinitely. 





Net Present Value


Measure the future in today’s
terms. By Gary H. Anthes


DEFINITION: The net present value (NPV) of an investment is the present (dis-
counted) value of future cash inflows minus the present value of the investment
and any associated future cash outflows.


WHAT IT MEANS: It’s the net result of a multiyear investment expressed in
today’s dollars.


such things as cost of capital, interest rates and investment opportunity costs. 
It’s especially appropriate for long-term projects. 


WEAKNESSES: Ranking investments by NPV doesn’t compare absolute levels 
of investment. NPV looks at cash flows, not at profits and losses the way account- 
ing systems do. NPV is highly sensitive to the discount percentage, and that can
be tricky to determine.


UNLIKE the more widely
used payback period, NPV
accounts for the time value
of money by expressing
future cash flows in terms
of their value today. It rec-
ognizes that money has a cost (inter-
est), so that you would prefer to have
$1.00 today to having $1.00 a year from
now. If you earn 10% interest on your
money, $1.00 today will be worth
$1.10 a year from now. Or, turning that
around, the “present” value of $1.10
one year out is $1.00.

You probably wouldn’t want to make
an investment that’s estimated to pro-
duce a negative NPV. The bigger the
NPV — other things being equal — the
more attractive the investment is.

Computing NPV requires use of a
discount rate equal to some min-
imum desired rate of return. This
could be your company’s average
weighted cost of capital (debt
and equity) as computed by your
finance department. If capital costs
your company 10%, you aren’t likely to
invest that capital for an 8% return. Un-
fortunately, computing the cost of capi-
tal can be difficult and controversial.

The discount rate (say, 10%) deter-
mines the discount factor for each year
(say, .909) that is applied to that year’s
cash flow to convert it to today’s dol-
lars. The discount factor for year n can
be computed as: discount factor =
1/(1+i)^n, where i is the target rate of re-
turn. So at a discount rate of 10% in
Year 1, discount factor = 1/(1.1), or .909.
Thus, in the earlier example, the pre-
sent value of $1.10 a year from now is
$1.10 x .909, or $1.00.

Fortunately, this math is automated
in spreadsheet packages. You enter
only the undiscounted cash flows, the
years in which the flows are expected
and some target interest rate. NPV
will pop out.

The chart below compares two proj-
ects that a bank could undertake. Each
has an initial investment of $1 million
and a minimum desired rate of return
of 10%. On the basis of absolute (undis-
counted) return, the ATM installation
is better because it generates $250,000
more cash over the life of the invest-
ment. But when the time value of mon-
ey is considered, the server consolida-
tion project looks slightly better, with
an NPV higher by $9,000. Its pre-
sent value is higher because the
returns occur earlier in the proj-
ect’s life.


NET PRESENT VALUE: What It Looks Like


ATM installation
              Cash flow        Present value
Investment    -$1 million      -$1 million
Year 1        +$500,000        +$454,500
Year 2        +$500,000        +$413,000
Year 3        +$500,000        +$375,500
Year 4        +$500,000        +$341,500
Year 5        +$500,000        +$310,500
Total         +$1.5 million    +$895,000


Server consolidation
              Cash flow        Present value
Investment    -$1 million      -$1 million
Year 1        +$1 million      +$909,000
Year 2        +$750,000        +$619,500
Year 3        +$500,000        +$375,500
Total         +$1.25 million   +$904,000


NPV considers the time value of money. In this example, we compare two $1 million projects with a minimum desired rate of
return of 10%. On the basis of simple cash flow, the ATM installation looks better because it generates $250,000 more over the
life of the investment. But when the time value of money is considered, the server consolidation project looks slightly better, with
an NPV higher by $9,000, because the returns occur earlier in the project's life.

Gaylord Entertainment Co., a Nashville-based hotel and resort company, relies on relatively simple measures such as payback period to evaluate investments of less than $100,000. Between $100,000 and $500,000, it also looks at discounted cash flow (DCF). “And above $500,000, DCF is absolutely necessary,” says CIO Kent Fourman.

The yearly cash flows from a hotel 
or entertainment project are net rev- 
enues, but for an IT project, they gen- 
erally are cost savings, Fourman says. 
But he says NPV isn’t appropriate for 
an IT project that can’t be associated 
with clearly defined cash flows. 

“We are doing Windows 95 to Win- 
dows 2000 and XP conversions, for 
example, and you're not going to come 
up with a traditional DCF on that kind 
of project,” Fourman says. “There are 
benefits that are not necessarily finan- 
cial in nature.” 

NPV has some flaws, says Ian Camp- 
bell, chief research officer at Nucleus 
Research Inc. in Wellesley, Mass. He 
offers an example in which two invest- 
ments each have an NPV of $100, but 
one involves an initial investment of 
$1,000 and the other an investment of 
$1 million. Clearly the $1,000 invest- 
ment is preferable because it’s less 
risky and ties up less capital, he says. 

But, Campbell adds, NPV is a good “no-go indicator,” because you'd normally reject an investment with a negative NPV without further consideration. Those with a positive NPV should then be measured by other yardsticks, he says.


NPV FOR DUMMIES 


For links to more NPV resources, check out this collection: 


QuickLink 36052
www.computerworld.com 





Internal Rate of Return


Sort projects into ‘go’ and 
‘no-go’ piles. By Gary H. Anthes 


DEFINITION: The internal rate of return (IRR) is the discount rate that results in 
a net present value of zero for a series of future cash flows. 


WHAT IT MEANS: It’s a cutoff rate of return; avoid an investment or project if its 
IRR is less than your cost of capital or minimum desired rate of return. 


STRENGTHS: It provides a simple hurdle rate for investment decision-making. It’s the method favored by many accountants and finance people, possibly the ones at your company.


WEAKNESSES: It’s not as easy to understand as some measures and not as 
easy to compute (even Excel uses approximations). Computational anomalies 
can produce misleading results, particularly with regard to reinvestments. 


IRR is the flip side of net present value (NPV) and is based on the same principles and the same math. NPV shows the value of a stream of future cash flows discounted back to the present by some percentage that represents the minimum desired rate of return, often your company’s cost of capital.

IRR, on the other hand, computes a break-even rate of return. It shows the discount rate below which an investment results in a positive NPV (and should be made) and above which an investment results in a negative NPV (and should be avoided). It’s the break-even discount rate, the rate at which the value of cash outflows equals the value of cash inflows.

Consider the three scenarios shown here (see table), each involving an initial investment of $1 million. The investment returns $300,000 (undiscounted) per year in each of the five years after the initial investment, for a net return of $500,000.

A company evaluating this investment using cash flow discounted at 10% would compute an NPV of $137,000, a decent but not spectacular result. But if the company evaluates the same investment at 15%, the project has a present value of only $6,000, essentially just breaking even, and at 20% the project’s present value is negative. The IRR is a fraction of a percentage point above 15%; at that discount percentage, the investment’s NPV is zero.

INTERNAL RATE OF RETURN: What It Looks Like

        Discount rate: 10%        Discount rate: 15%        Discount rate: 20%
Year    Factor  Present value     Factor  Present value     Factor  Present value
0       1.000   -$1 million       1.000   -$1 million       1.000   -$1 million
1       0.909   $273,000          0.870   $261,000          0.833   $250,000
2       0.826   $248,000          0.756   $227,000          0.694   $208,000
3       0.751   $225,000          0.658   $197,000          0.579   $174,000
4       0.683   $205,000          0.572   $172,000          0.482   $145,000
5       0.621   $186,000          0.497   $149,000          0.402   $121,000
NPV             +$137,000                 +$6,000                   -$102,000

IRR = slightly more than 15%

IRR is often used as a hurdle rate, a sort of go/no-go investment threshold. In this example, there is an initial investment of $1 million, with a net (undiscounted) return of $500,000. The NPV of the $1 million outlay depends on the discount rate, or cost of capital, used to evaluate the investment. The NPV is zero at the IRR, here a fraction of a percentage point above 15%.

IRR is often used as a hurdle rate, a sort of go/no-go investment threshold. Gaylord Entertainment Co. in Nashville, for example, has computed its weighted average cost of capital — a percentage that it won’t disclose — and a “hurdle” percentage rate a few points higher. An investment’s IRR must generally equal or exceed the hurdle rate to be approved by management, says CIO Kent Fourman.

“We calculate the IRR and then com- 
pare that to our hurdle rate,” 
Fourman says. “And we compare 
that IRR against every other 
[project’s] IRR, because you al- 
ways have limited cash.” 

But the IRR cutoff isn’t an absolute 
test, he says. For example, manage- 
ment’s subjective assessment of risk 
may influence an investment decision, 
he says. “But if you can’t show that 
IRR exceeds our hurdle rate, then 
you'll have to have a lot of the soft jus- 
tifications to get it approved,” Four- 
man says. 

Not everyone is as enthusiastic 
about IRR. Like NPV, it doesn’t mea- 
sure the absolute size of the invest- 
ment or its return. And because of the 
way the math works, the timing of pe- 
riods of negative cash flow can affect 
the value of IRR without accurately re- 
flecting the underlying performance of 
the investment. 

IRR can also produce misleading re- 
sults because, as classically defined, it 
assumes that the cash returned from an 
investment is reinvested at the same 
percentage rate, which may not be real- 
istic. That error is magnified when 
comparing two investments of different 
durations. Some software, such as Mi- 
crosoft Excel, will compute an optional 
“modified IRR” that allows the user to 
specify a different reinvestment rate. 
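The Python sketch below is an added example, not code from the original articles. It recomputes the server-consolidation NPV and the three-scenario table from the cash flows quoted in the NPV and IRR pieces, finds the IRR by bisection (an iterative approximation), and computes a modified IRR; the function names and the 10% finance and reinvestment rates passed to the modified IRR are assumptions made for illustration.

```python
"""NPV, IRR and modified IRR for the cash flows quoted in the articles.

Added example; function names and the MIRR rates are illustrative assumptions.
"""

# Cash flows from the articles; index 0 is the initial outlay (year 0).
SERVER_CONSOLIDATION = [-1_000_000, 1_000_000, 750_000, 500_000]
FIVE_YEAR_PROJECT = [-1_000_000] + [300_000] * 5


def discount_factor(rate, year):
    """Discount factor 1/(1+i)^n for target rate i and year n."""
    return 1.0 / (1.0 + rate) ** year


def npv(rate, flows):
    """Sum of every year's cash flow converted to today's dollars."""
    return sum(cf * discount_factor(rate, year) for year, cf in enumerate(flows))


def sign_changes(flows):
    """Count how often the stream switches between outflow and inflow."""
    signs = [cf > 0 for cf in flows if cf != 0]
    return sum(1 for a, b in zip(signs, signs[1:]) if a != b)


def irr(flows, low=0.0, high=1.0, tolerance=1e-9):
    """Discount rate at which NPV is zero, found by bisection.

    A stream with more than one sign change (a later period of negative
    cash flow) can have several rates with NPV = 0, so it is rejected
    here instead of returning one arbitrary answer.
    """
    if sign_changes(flows) != 1:
        raise ValueError("cash flows need exactly one sign change for a unique IRR")
    npv_low, npv_high = npv(low, flows), npv(high, flows)
    if npv_low * npv_high > 0:
        raise ValueError("IRR is not between the low and high bounds")
    while high - low > tolerance:
        mid = (low + high) / 2.0
        npv_mid = npv(mid, flows)
        if npv_low * npv_mid <= 0:
            high = mid                      # root lies in the lower half
        else:
            low, npv_low = mid, npv_mid     # root lies in the upper half
    return (low + high) / 2.0


def mirr(flows, finance_rate, reinvest_rate):
    """Modified IRR: inflows are reinvested at reinvest_rate, not at the IRR."""
    years = len(flows) - 1
    future_inflows = sum(cf * (1.0 + reinvest_rate) ** (years - year)
                         for year, cf in enumerate(flows) if cf > 0)
    present_outflows = -sum(cf * discount_factor(finance_rate, year)
                            for year, cf in enumerate(flows) if cf < 0)
    return (future_inflows / present_outflows) ** (1.0 / years) - 1.0


def scenario_table(flows, rates=(0.10, 0.15, 0.20)):
    """NPV of the same project at each discount rate, as in the IRR table."""
    return {rate: npv(rate, flows) for rate in rates}


if __name__ == "__main__":
    print("Server consolidation NPV at 10%%: $%.0f" % npv(0.10, SERVER_CONSOLIDATION))
    for rate, value in scenario_table(FIVE_YEAR_PROJECT).items():
        print("NPV at %2.0f%%: $%.0f" % (rate * 100, value))
    print("IRR:  %.2f%%" % (irr(FIVE_YEAR_PROJECT) * 100))
    print("MIRR: %.2f%%" % (mirr(FIVE_YEAR_PROJECT, 0.10, 0.10) * 100))
```

The unrounded results differ from the printed tables by a few hundred dollars because the articles multiply by discount factors rounded to three places.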

IRR becomes increasingly mislead- 
ing the more it diverges from the cost 
of capital, says Ian Campbell, chief re- 
search officer at Nucleus Research Inc. 
in Wellesley, Mass. “IRR is a terrible 
metric, and it should never be used,” 
he asserts. 

The key metric for IT projects, Campbell says, is payback period, because it favors short-term, and hence less risky, projects that IT should be doing.


LINKS GALORE 


More tutorials on IRR are available online: 


QuickLink 36052 
www.computerworld.com 
Balanced Scorecard


It’s a forward-looking ‘dashboard’ 
for executives. By Gary H. Anthes 


DEFINITION: A set of principles and analytic techniques for improving an orga- 
nization’s performance in four general areas: financials, customers, learning and 


WHAT IT MEANS: Long-term organizational excellence can be achieved only by 
taking a broad and holistic approach, not by focusing solely on financials. 


STRENGTHS: This approach is potentially all-encompassing, combining finan- 
cial and nonfinancial goals and measures. It can encompass the performance of 
entire companies or business units, not just individual investments or projects. 
Balanced scorecard is future-oriented, not a rearview mirror on performance. 


WEAKNESSES: This method is potentially so broad that it may divert resources 
from those few areas that really are vital to shareholder return. It doesn’t readily 
weight the relative importance of the different metrics it uses. 


CREDIT FOR the balanced scorecard idea most often goes to Robert S. Kaplan and David Norton, who wrote an article about it for the Harvard Business Review in 1992. Certainly, many of the underlying ideas go back much further, and today, many companies use one or more of its principles without having adopted the balanced scorecard methodology in any formal sense.

“There are many different balanced 
scorecards, and they serve many differ- 
ent purposes,” says Arthur Schneider- 
man, an independent business-process 
management consultant in Boxford, 
Mass. “But most organizations will say 
its purpose is to link strategy to action.” 

Regardless of how one defines it, the 
balanced scorecard is based on several 
underlying notions. The first is that 
financial measures alone aren’t suffi- 
cient to size up the health of a compa- 
ny and that a single-minded pursuit of 
financial objectives could lead your 
company to ruin in the long run. 

The second is that balanced score- 
card focuses on process, not metrics. 
As such, it’s forward-looking (How can 
I retain my best customers?) rather 
than backward-looking (What were my 
earnings per share last quarter?). 

The scorecard is an analytic framework for translating a company’s visions and high-level business strategies into specific, quantifiable goals and for monitoring performance against those goals. The methodology breaks high-level strategies into objectives, measurements, targets and initiatives.

For example, Southwest Airlines Co. employs a number of scorecards, one of which relates ground-crew performance to company profitability (see chart). It arranges the four quadrants of the balanced scorecard — learning, internal, customer and financial — in a hierarchy that shows how objectives relate to one another.

Directly relating a financial measure such as “lower costs” with an operations metric like “fast ground turnaround” is a relatively new idea at the Dallas-based airline, says Mike Van de Ven, vice president of financial planning and analysis. “Historically, the budget system was the primary system to monitor costs, and if you were an accountant, you got it,” he says. “But if you were an operations person, and you weren't used to cost centers and general ledgers and budget-to-actual variances, it didn’t make any sense to you.”

The operations people had hundreds of metrics dealing with things such as on-time performance or baggage delivery, but they weren't linked directly to the financial measures or the budget system, Van de Ven says. “So what we have been doing over the past several years is putting these things together, and that neatly rolls into this balanced scorecard concept,” he says.

Another advantage of this integrated scorecard approach is that it retains the hundreds of detailed metrics for front-line supervisors but gives top management a “dashboard” displaying a few key measures. “We are trying to get more focused on key measurements that we want to stay on top of,” Van de Ven says.

Although nearly everyone applauds the broad view that the balanced scorecard encourages and its proactive, forward-looking thrust, some critics say the scorecard is often misused. “Most of the time, the balanced scorecard will help you identify the wrong things to measure,” Schneiderman says. That can waste a lot of corporate resources, he adds.

There’s a danger that use of the balanced scorecard can divert management attention away from the most important goals, which are financial, says Ray Trotta, co-founder of iValue LLC, an IT valuation consultancy in Barrington, Ill. “We like the way the Street does things; they talk about dollars and cents,” he says. “The balanced scorecard talks about customer relationships, internal processes, learning and growth. I mean, those things are good, but where’s the money?”


TO DIG DEEPER

Links to more tutorials on the balanced scorecard are available online:
QuickLink 36052
www.computerworld.com


SOUTHWEST AIRLINES’ BALANCED SCORECARD: What It Looks Like

Measures and targets:
  Market value: 30% CAGR*
  Seat revenue: 20% CAGR
  Plane lease cost: 5% CAGR
  FAA on-time arrival rating: No. 1
  Customer ranking (market survey): No. 1
  Time on ground: 30 minutes
  On-time departure: 90%
  % ground crew trained
  % ground-crew shareholders — year 4: 79%: Year 3: 90%; Year 5: 100%

Initiatives:
  Quality management
  Customer-loyalty program
  Cycle-time optimization program
  Employee stock option plan
  Ground-crew training

* CAGR = compound annual growth rate

A balanced scorecard takes a broad, holistic look at organizational goals - not just the financials. For example, this Southwest Airlines scorecard shows that well-trained ground crews mean faster turnaround and more on-time flights, which lead to higher customer satisfaction, lower costs and greater profits.
Economic Value Added


The cost of capital isn’t free. 
By John Berry 


DEFINITION: Economic Value Added (EVA) - a name trademarked by Stern 
Stewart & Co. - subtracts the capital charge (the capital investment times the 
cost of capital) from the net financial benefits of the investment. 


WHAT IT MEANS: Economic profit is wealth created above the capital cost
of the investment. EVA prevents managers from thinking that the cost of 


STRENGTHS: EVA focuses managers on the question, “For any given invest- 
ment, will the company generate returns above the cost of capital?” Companies 
that embrace EVA have bonus compensation schemes that reward or punish 
managers for adding value to or subtracting value from the company. 


WEAKNESSES: As with any metric, it’s hard to link precise EVA returns to a specific technology investment. EVA is ideally suited to publicly traded companies, not private companies, because it deals with the cost of equity for shareholders, as opposed to debt capital.


IF A COMPANY INVESTS in manufacturing equipment or a warehouse, how much additional profit will be required to pay for it? Managers are intuitively aware of the importance of value creation to their businesses. EVA is a management philosophy and performance metric that elevates those goals from intuition to rigorous analysis and ensures that no investment escapes scrutiny.
Yes, that includes IT. The fundamental proposition of EVA is that capital isn’t free and its cost must be factored into every benefit analysis or return-on-investment model when an investment in a plant, equipment or a new customer relationship management system is contemplated. Putting a finer point on this concept, EVA targets equity capital as opposed to debt capital. Managers often treat equity capital as free when it’s not — shareholders could have invested elsewhere.

Since IT represents a big percentage of a company’s annual capital budget, whether a company factors in the cost of capital when deciding on some technology investment is hardly academic. The pure EVA calculation for the company as a whole is:

Net operating profit after taxes - capital charge (capital investment x cost of capital)

But, purely speaking, there is no net operating profit after taxes (NOPAT) arising out of an IT investment, so the net financial benefits of the IT investment are used as a replacement for NOPAT.


Consider, for instance, a case where the cost-benefit analysis reveals that a $50,000 IT investment will return $8,000 in net quantifiable benefits. The ROI is 16% ($8,000 divided by $50,000). The cost of capital in the company is 12%. Using the formula above, the EVA in this case is $2,000:

$8,000 net benefits - ($50,000 capital investment x 12% cost of capital) = $2,000 EVA

Another way to calculate EVA in this example is to simply deduct the 12% cost of capital from the 16% ROI, then multiply by the investment:

4% x $50,000 = $2,000 EVA

EVA is always expressed as a dollar amount.

“EVA doesn’t make it easy to quanti- 
fy IT benefits but creates clarity so 
that all the pluses and minuses of these 
IT decisions can be considered in ways 
that companies [that don’t use EVA] 
find difficult to do,” says Bennett Stew- 
art, co-founder of Stern Stewart & Co., 
a New York-based consultancy that 
coined the term Economic Value 
Added, but not the concept. 

Consider a recent EVA analysis that Robert Egan, vice president of IT at Boise Cascade Corp., and his colleagues conducted for a storage investment. The decision was whether to keep storage assets or replace them with new technology that has lower maintenance charges. (The example is illustrative. Egan declined to provide real cost figures.)

The new storage technology costs 
$1 million, with maintenance costs of 
$100,000 per year. The maintenance 
expense on the old storage technology 
is $350,000. (For simplicity, we'll as- 
sume that the new storage equipment 
offers no benefits other than the lower 
maintenance costs.) 

Boise’s cost of capital is about 16%. 
Therefore, the capital charge for in- 
vesting in the new storage is 16% x 
$1 million, or $160,000, which EVA says 
must be added to the $100,000 mainte- 
nance costs to get the true cost. 

The result: The total cost of the new storage is $260,000, vs. $350,000 for the old storage. “In this case, have you lowered the operating cost enough to make up for spending the capital?” asks Egan. Yes — $90,000 worth.

Boise is constantly reminded of the obvious point that technology isn’t free. The company is also aware of the less obvious fact: neither is the capital to finance it.


Berry is an IT management consultant 
and analyst in Bend, Ore. Contact him at 
vision@according2jb.com. 





MORE VALUE ADDED

For more information and columns on Economic Value Added, visit our Web site:
QuickLink 36052
www.computerworld.com


Outsourcing’s 
Payoff 


Including a capital charge when assessing the economic returns from an IT investment reveals just how powerful outsourcing can be as a management strategy.

The Manitowoc Co. in Manitowoc,


would look like this for the first year
(numbers are hypothetical):


In-house application


$180,000 in net benefits 
- ($1 million capital investment 
x 12% cost of capital) 


Outsourced application 


$180,000 in net benefits 
- ($0 capital investment
x 12% cost of capital) 
- $80,000 in rental fees 
= $100,000 EVA 


Notice that the outsourced appli- 
cation requires no capital invest- 
ment and therefore has no capital 
charge. Suppose the operating 
costs to run the system in-house 
were $50,000 per year. Most com- 
panies only look at the income 
statement side of the ledger: they 
wouldn't outsource this application 
because it would be exchanging 
$50,000 of in-house expenses for 
the $80,000 rental fee, another 
kind of expense on the income 
statement. Yet on an EVA basis, the 
company would outsource the sys- 
tem, because doing so would pro- 
duce nearly twice the residual in- 
come ($100,000 vs. $60,000) by 
virtue of the $0 capital charge. 

“When you are exposed to the 
EVA philosophy, you recognize how 
to better manage your capital,” says 
Jim Pecquex, Manitowoc’s CIO. 

- John Berry
Consultants’ Offerings

Consulting firms are inventing their own ROI metrics at a steady pace. Here's a quick look at five more IT evaluation models.

By Steve Ulfelder

WITH IT BUDGETS TIGHT, CIOs are being asked to tally up ROI figures for every sizable project these days. Not surprisingly, consulting firms ranging from Gartner Inc. to two-man start-ups — often founded by Gartner alumni — have stepped in with a full complement of ROI metrics, methodologies, guidelines and benchmarking services to cash in on the opportunity. We’ve sifted through some of the offerings.


Business Value Index

The Hackett Group recently revamped and renamed its IT benchmarking methodology. An intriguing characteristic of its Business Value Index is that it offers clients the ability to compare themselves against other enterprises. Hackett has benchmarked 2,000 IT organizations, including those at General Electric Co. and Citigroup Inc., on their alignment with corporate strategy, ability to partner with suppliers, and level of technology integration, according to Bruce Barlag, the firm’s president and a former Gartner ROI analyst. Barlag adds that client companies are able to examine the practices that help top-quartile corporations succeed.

From Hackett’s extensive database, you can learn, for example, that the average IT organization has 11.5 full-time IT employees per 1,000 company employees, while at high-performing companies, the number is less than half that — 5.2 IT workers per 1,000 company employees.

The other major Business Value Index differentiator is its continuous focus; many customers, including The New York Times Co. and Alcoa Inc., use their initial results as baselines for ongoing measurement. “Most companies benchmark every two or three years, but clients tell us they want more of an ongoing process,” Barlag says.

Hackett says a Business Value Index analysis can 
take as little as two weeks. The firm’s Web-enabled 
software gathers, scrubs and validates data; consul- 
tants collaborate with clients throughout the process 
and then deliver a final report. 

Strength: Hackett’s large existing database can be 
used to compare IT practices and business value on a 
continuous basis. 

Weaknesses: May not offer the hard numbers you're 
looking for; moreover, the index is new and untested. 


Information Economics

The Beta Group, St. Louis

Tom Bugnitz, president of The Beta Group, stresses that although his Information Economics methodology encompasses metrics, they are simply a means to an end — that end being “a holistic view of all IT investments and an understanding of the linkage between IT spending and business results that lets management make decisions.”

The Beta Group is another consultancy that 
includes Gartner alumni among its principals. The 
key differentiator of the firm’s approach to IT ROI 
assessments is its focus on communication rather 
than data analysis. 

The firm’s methodology includes four steps. First, 
client companies list and prioritize their strategic 
business endeavors. As part of this process, The Beta 
Group forces clients to use standard language across 
all departments and projects. 

Second, the IT organization is asked to catalog its 
technology investments. Again, standard language 
and metrics are used. With this information, The 
Beta Group builds what it calls a “project book.” At 
this stage, says Bob Rouse, a company principal, it of- 
ten becomes apparent that business managers know 
shockingly little about where the IT group is spend- 
ing its money. 

Next, a scorecard committee, composed of busi- 
ness, financial and IT executives, develops a relative 
valuation for each IT project. According to Bugnitz, 
this development process is the core of Information 
Economics, because it forces executives at the 
client’s company to understand and analyze their IT 
program in detail. 

“People on this committee must learn whatever 
they need to know about every project,” Bugnitz 
says. “We provide a framework for disciplined think- 
ing about business communication.” 

Finally, the company creates a scorecard, which is 
a list of proposed IT expenditures ranked according 
to their business value. Once a Beta Group client that 
was faced with a $50 million IT project backlog ran 
out of money halfway down its list — and simply 
eliminated the rest, with no ill effects. “The CEO 
said, ‘If the process works, it works,’ ” says Bugnitz. A 
typical Beta Group engagement lasts six to 12 weeks. 
Strength: Clearly ties IT projects to overall strategy, 
offering a good big-picture perspective. 

Weaknesses: Requires a major effort from the scorecard committee, and the results of the exercise are only as strong as that group’s commitment.


IT Performance Management Scorecard

IT Performance Management Group

Mike Bitterman, a principal at IT Performance Management Group (ITPMG), is yet another Gartner refugee — he worked in benchmarking at Gartner’s measurement division. There, he says, “CIOs would tell us, ‘Something’s broken, and we don’t know how to fix it.’ And benchmarks don’t tell you how to fix anything.” So Bitterman moved on to co-found ITPMG and developed the IT Performance Management Scorecard.

In an ITPMG engagement, the client company establishes critical success factors associated with the health of its IT organization. These factors vary depending on how IT is regarded — as a utility, as a “demand” organization that delivers applications when requested, or as an “enabling” group that truly helps plan corporate strategy. (Brutal honesty is needed here: “Everybody wants to be an ‘enabling’ IT group, but very few are,” Bitterman says.)

With critical success factors and metrics determined, ITPMG’s scorecard software, which the firm installs on clients’ servers, helps companies develop eight to 15 key performance indicators. The goals: unambiguous metrics, a translation of typical IT jargon into business-value terms. (“Somebody still measures CPU cycles and all that,” Bitterman says. “But our software automates your ability to turn that into useful information.”)

Developing a scorecard for one department of a 
company takes six to eight weeks. 

Strength: Provides the hard ROI numbers that busi- 
ness executives want to see. 

Weaknesses: When it comes to translating age-old IT 
measurements into information that’s useful for 
business people, “there’s still a lot of missionary 
work to be done,” Bitterman says. To fully exploit the 
IT scorecard, a business must be ready and willing to 
confront the historical divide between IT and other 
organizations. 


Total Economic Impact

Giga Information Group Inc., Cambridge, Mass.
www.gigaweb.com

Giga Information Group Inc.’s methodology essentially expands on traditional cost analysis by adding benefits and flexibility to the mix. Chip Gliedman, a Giga research fellow, says it’s important to factor in flexibility because investments in infrastructure, excess storage capacity or network bandwidth look like red ink in a cost analysis — but offer flexibility that can pay off in time.

Where benefits of an IT project are concerned, Giga, like nearly all its competitors, forces clients past generalities such as “boosts productivity.” Gliedman says IT executives tend to slip into a discussion of features but that Giga’s methodology keeps them on track. “We don’t talk features, but rather business benefits, and we always add ‘as measured by’ and a metric,” he says.


REAL OPTIONS

This IT ROI model, championed by Collaborative Consulting, emphasizes an incremental approach to IT investment.
QuickLink 35929
www.computerworld.com


Typically, a Total Economic Impact assessment begins with identification of an IT project’s goals. IT then determines technology costs. Next, affected business units decide what benefits they stand to gain.


Then flexibility and risk are factored in. “An IBM 
server will cost more than one from Joe’s House of 
Servers” but is a safer purchase, Gliedman says, 
adding, “Risk-adjustment lets you decide how much 
of a discount you require from Joe.” 

Finally, the results of the assessment are communi- 
cated to all concerned parties, and metrics for mea- 
suring the project’s success are determined. 

Giga offers Total Economic Impact assessments as 
a consulting service or will train businesses to per- 
form their own assessments. A full engagement takes 
four weeks or more, depending on scope. 

Strength: Takes flexibility and risk — major factors in 
real-world decision-making — into consideration. 
Weakness: In some companies, those additional con- 
siderations may dilute the ROI message. 


Total Value of Opportunity

Gartner Inc., Stamford, Conn.
www.gartner.com

Total Value of Opportunity (TVO) is a methodology based on the Gartner Business Performance Framework, the company’s set of business metrics. Gartner analyst Audrey Apfel claims that’s an important differentiator: “Generic ROI cases tend to go right from geekspeak to financial numbers, and that’s too big a leap,” she says.

TVO is available as a Web-based software package, 
with full training-and-consulting contracts optional. 
To get started, a business uses Gartner’s business 
metrics to determine what opportunities are avail- 
able and translates them into standard business 
terms such as on-time delivery, bill rate, market 
share and sales close index. One of TVO’s strengths 
is that this translation — which is where many ef- 
forts founder — is laid out in excruciating, step-by- 
step detail, eliminating ambiguity. 

Another TVO differentiator is the software’s diag- 
nostic capability, which weighs such qualitative fac- 
tors as the company’s IT project history. “Lots of 
clients tell us, ‘We have a great ROI process, we run 
decisions past our accountants — and then we go on 
our gut feeling,’ ” says Apfel. “We tried to make that 
gut feeling visible.” 

Strength: Specific instructions can’t be fudged, so results should be accurate. 
Weakness: May add a level of complexity that meat-and-potatoes executives won’t welcome. 


Gartner Inc. 


Ulfelder is a freelance writer in Southboro, Mass. Contact him at sulfelder@charter.net. 
Where ROI Models Fail 

The models don’t measure IT’s soft benefits, such as customer service. By Thomas Hoffman 


NOW THAT COST IS KING, more IT executives are relying on standard accounting methodologies such as net present value (NPV) and internal rate of return (IRR) to cost-justify IT investments to top brass. Sometimes they’re using the models because the rest of the company is doing it. 

IT leaders “should adopt what the 
business adopts, and that’s fine if that’s 
how the organization wants to 
view the numbers,” says Audrey 
Apfel, an analyst at Gartner Inc. 
in Stamford, Conn. 

Problem is, say Apfel and other 
pundits, return-on-investment models 
are usually incomplete and don’t re- 
veal as much as they should about in- 
tangibles such as an investment’s im- 
pact on employee productivity, sales or 
customer satisfaction. 

“ROI models fail because they become overly complex,” adds Stephen Andriole, an MIS professor at Villanova University in Villanova, Pa., and a senior consultant for the Cutter Consortium in Arlington, Mass. 

Three Problems 

Gregor Bailar, CIO at Falls Church, Va.-based Capital One Financial Corp., says the following questions highlight three big problems with using a single financial calculation, such as NPV, to justify and track the benefits of an IT investment: 

How does the company arrive at the figures? For example, does a company factor in depreciation costs for software? 

Can you tie a productivity improvement directly back to an IT investment? For instance, if there’s a 10% boost in sales from a direct-marketing campaign, to what extent was that caused by IT? 

Who’s accountable? In some ways, it doesn’t matter what calculation you use. What matters is who’s accountable for the investment and who’s responsible for tracking it, Bailar says. 

Andriole, who has held senior IT 
positions at Cigna Corp. and Safeguard 
Scientifics Inc., says that there are 
roughly 15 financial calculations that 
CIOs can use to tally ROI, “and that’s 
part of the problem — the more com- 
plicated the method, the more you 
have to feed the method rather than 
working the project.” 

That’s why Andriole leans toward 
the use of more simplified ROI tech- 
niques, such as payback. 

“At Cigna, we had all these compli- 
cated ways of collecting the data, with 
five people collecting data. And I said, 
‘Whoa, wouldn’t it be more effective to 
have three of those people actually 
working on the project and just two 
people collecting the data?’ ” 


Capturing Soft Gains 

ROI models also aren’t well suited to 
capturing soft benefits, such as cus- 
tomer satisfaction or employee pro- 
ductivity gains. 

“If you reach a customer on the second ring instead of the third ring, how do you capture that? Are they more profitable? Are they happier? The human factor of computer-assisted work is neglected by the ROI model,” asserts John Jordan, a principal at Cap Gemini Ernst & Young in Cambridge, Mass. 

Further, ROI calculations typically 
fail to include the complexity costs as- 
sociated with adding a new application 
— such as additional hardware, storage 
or WAN/LAN equipment, and support 
personnel — to an IT infrastructure, 
says Jordan. That’s one reason he ad- 
vocates asking another question: 
What’s the cost of doing nothing vs. 
the cost of making an IT investment? 

Jordan paints the following scenario: 
An IT manager is faced with buying 
five Unix servers in order to add new 
services to his company’s Web site. 
The consideration isn’t “just the hard- 
ware that you buy but the business ca- 
pability you achieve in three weeks in- 
stead of three months,” he explains. 
“That kind of thinking is hard to put a 
dollar value on.” 

The problem with relying solely upon financial techniques such as NPV or IRR “is that they don’t necessarily capture all of the business benefits of an IT investment, nor do they help to evaluate all of the options that are open to you,” says Chip Gliedman, an analyst at Giga Information Group Inc. Giga recommends that CIOs use options models, decision trees and other tools “to try to quantify and communicate the value of those options and the value of that flexibility.” 

“We have some areas where we use metrics to measure [business returns]. But in some instances, we have to go on faith.” 
TONY SCOTT, CTO, GENERAL MOTORS CORP. 

Take a company that’s about to in- 
stall a new application that requires a 
two-processor server. You have two 
options, says Gliedman: “You can buy a 
two-processor server or a 16-processor 
cabinet and put two processors in it. 
The first option has higher immediate 
returns, but the second gives you the 
option to put additional processors in 
as they’re needed.” 

A Computerworld.com survey indi- 
cates that it’s common to try to calcu- 
late ROI for IT projects. Most of the 
113 IT managers responding to last 
month’s survey said their IT organiza- 
tions do some sort of ROI calculation 
for major projects; only 6% said they 
do no ROI calculations at all. 

But about half (48%) of the respon- 
dents agreed with the statement that 
“sometimes ROI calculations are a 
good idea, and sometimes they’re not” 
(see chart, page 40). Many IT organiza- 
tions go to the trouble of doing the ROI 
math only for really expensive projects. 

Sometimes, financial justifications 
have to be tossed aside when an IT in- 
vestment simply makes good business 
sense, some IT executives say. 

As General Motors Corp. Chief 
Technology Officer Tony Scott put it: 
“We have some areas where we use 
metrics to measure [business returns]. 
But in some instances, we have to go 
on faith.” 


CONTRARIAN VIEWS 


John Jordan of Cap Gemini Ernst & Young has written 
a paper on why ROI models often fail. For a link to that 
paper, visit our Web site: 
QuickLink 36052 
www.computerworld.com 
SNAPSHOTS 

Growing importance 

Are ROI calculations for IT investments becoming more important or less important in your organization? 

[Chart: legible values are 65% and 25%; legible labels are “important,” “important” and “About the same.”] 

BASE: 113 IT managers involved in IT spending decisions, surveyed at Computerworld.com 

Prudent or Wasteful? 

Which statement matches your view on ROI? 

[Chart: response options as printed] 
Sometimes ROI calculations are a good idea, and sometimes they’re not. 
ROI calculations are essential to prudent management of major IT investments. 
ROI calculations are a waste of time and resources: 4% 
None of the above: 1% 
Other: 6% 

BASE: 113 IT managers involved in IT spending decisions, surveyed at Computerworld.com 

Top Five Challenges 

What will be your biggest challenges in 2003? 

1. Maintaining operations with a lower budget 
2. Cutting costs 
3. Completing major projects 
4. Maintaining infrastructure 
5. Improving security 

BASE: 100 CIOs (75 in the U.S., 25 in Europe) 


MERRILL LYNCH & NEW 


MARK HALL 


Forget ROI 


A CARTOON IN A RECENT ISSUE of The New Yorker depicts the classic scene 
of a father sitting in a chair, looking over the report card his young son has 
handed him. The father says, “They may be your grades, but they’re the re- 
turn on my investment.” CIOs are hearing similar sentiments when they 
face their CEOs, perusing a list of corporate IT projects. 


It’s a lot less funny but at least as silly. 


Because just as no child’s education can be seen strictly through the narrow prism 
of “investment,” IT operations can’t be judged solely on hard numbers. Anyone who 
tells you otherwise isn’t seeing the big picture. 


If you’re jumping through ROI hoops 
for every IT project on your white- 
board these days, you’re wasting your 
time. It may sound ironic, but the sim- 
ple truth is that there’s no ROI in ana- 
lyzing the ROI on everything. At the 
risk of being labeled a blasphemer, I 
suggest you rid yourself of the fancy- 
schmancy, spreadsheet-happy blather 
of ROI gurus and use your own wis- 
dom to evaluate IT projects. 

If it makes sense to you, do it. If not, 
don’t. You know the business. You 
know the technology. You know your 
crew. You know your budget. You know if it’s fea- 
sible or not. What else do you need? A report card 
for Dad? I think not. 

I’m not saying that just because you’ve got a 
lofty C-level title and a few years in the industry, 
you can fly by the seat of your pants. But who 
knows better which projects have been well con- 
ceived, which are half-baked and which deserve 
never to see the light of day? If you can’t make 
that call, you should look for another job. 

After all, your company depends on progress to 
succeed, and you’re in charge of systems that sup- 
port that progress. Your company’s success is ut- 
terly dependent on smart people like you who 
take risks. In a best-case scenario, an ROI analysis 
is a stall tactic for undeserving projects. Worst 
case, it’s a rationalization for undeserving 
projects. In effect, ROI analyses justify rejections 
to division managers or failures to stockholders 
and venture capitalists. 

ROI activity is risk-averse. That makes it ideal in an era when CEOs are listening to their lawyers and accountants more often than they’re listening to their CIOs, CTOs and VPs of engineering. If you’re a fan of the Lord of the Rings saga, you’ll know what I mean when I say that Wormtongue — the master of calculating the virtue of caution to the point that opportunities are lost — is the master of ROI. Meanwhile, Gandalf, the advocate of risk and a wizard who rules over what passes for progress in Middle Earth, intuitively understands a situation and knows when to act. 

MARK HALL is Computerworld’s opinions editor. Contact him at mark hall@computerworld.com. 

The best, most innovative IT im- 
provements have no ROI. There was 
no decent ROI on installing the first 
Wang word processor in the 1970s or 
the first PC to run VisiCalc in the 
1980s or the first Linux server for corporate Web 
sites in the 1990s. 

But the people who took those risks pushed 
their companies ahead of their competitors and 
made working there better, improving the lot of 
their employees and, most likely, attracting more 
talented individuals who brought even more pro- 
gressive ideas with them. If we let the ROI Worm- 
tongues rule the day, this decade will never see an 
analogue to the technological achievements of 
past decades. 

The best CIOs understand the political neces- 
sity of living through the latest management 
craze. ROI is the trendiest of the lot today, so you 
know it will be tough to stand firm against the ris- 
ing tide of ROI demands. And I suspect that many 
of you won't be able to avoid having to submit one 
mind-numbing report after another. 

But when everyone jumps off the ROI bandwag- 
on, your company will still need to depend on 
your instincts, knowledge and experience. Those 
attributes got you where you are today, and they, 
not ROI theory, will be the basis for the best IT 
decisions you can make. Because wisdom can’t be 
reduced to an ROI calculation. 
The Almanac 

An eclectic collection of research and resources. By Mitch Betts 


Beware of Fuzzy Math 
When Computerworld conducted an 
online survey on IT return-on-invest- 
ment techniques last month, 
one of the more interesting 
comments we got was this: 
“Many times, investments are 
gambles into where the busi- 
ness is going and ROI [calcula- 
tions] are fabricated.” 

Indeed, we continue to get re- 
ports of ROI numbers that have 
been fudged in order to get IT 
expenditures approved. “It hap- 
pens all the time,” says Amir 
Hartman, co-founder of Main- 
stay Partners LLC, a management con- 
sultancy in Redwood City, Calif. Office 
politics, time pressures and less-than- 
rigorous ROI processes can lead to 
cooked numbers. “The project sponsor 
will get a call from his boss saying he 
needs an ROI number next week. That 
broken process drives the bad behav- 
ior,” says Craig LeGrande, Mainstay’s 
other co-founder. 

One CIO quipped, “As we say in IT, I 
don’t believe in any numbers I haven’t 
massaged myself.” 


Does your organization calculate the ROI or total cost of ownership for major technology deployments? 

[Chart: Not sure, 11%; Yes, but only ROI, 17%; a third value, 42%, has an illegible label.] 


On the ROI Bookshelf 

■ The Alignment Effect: How to Get Real Business Value Out of Technology, by Faisal Hoque (Financial Times Prentice Hall, 2002). Advocates a step-by-step “business technology management” methodology for getting the business, processes and IT in alignment — before any money is spent. 
■ The Valuation of Information Technology, by Christopher Gardner (John Wiley & Sons, 2000). Describes how to perform the financial calculations to make sure that IT produces shareholder value. 
■ Manage I.T., by Joe Santana and Jim Donovan (Lahaska Publishing, 2002). Chapter 2 teaches newbie CIOs how to get business and IT in alignment. 
■ Revolutionizing IT: The Art of Using Information Technology Effectively, by David H. Andrews and Kenneth R. Johnson (Wiley, 2002). Explains how to prevent IT project failures. 
■ Achieving Business Value From Technology, by Tony Murphy (Wiley, 2002). A Gartner Inc. consultant’s executive guide to identifying, tracking and achieving business benefits from IT. 


Four New IT Lieutenants 


Most IT management staffs “are a 
kludge of unstructured hirings, promo- 
tions and compromises,” says Jonathan 
Poe, an analyst at Meta Group Inc. 
Therefore, new CIOs who want to suc- 
ceed past their honeymoon period will 
need to clean up the mess and install a 
team of talented IT lieutenants to han- 
dle certain tasks, such as personnel 
matters, so the CIO can focus on 
IT/business alignment. 

Poe says the new IT organizational chart will have four lieutenants: 
■ The organizational development leader, a “change agent” who’s in charge of constantly updating the IT department’s mission, vision and values. 
■ The IT human resources manager, who handles recruiting, “reskilling,” promotions, performance evaluations, compensation analyses and employee satisfaction. 
■ The IT financial controller, who deals with budgets and depreciation, manages portfolios and risk, and measures ROI and total cost of ownership. 
■ The IT communications director, who makes sure the IT shop sends clear and consistent messages, from marketing materials to status reports. 


Usability Has Big Payoff 
It makes sense that Web sites that are 
easier to use have a bigger payoff than 
ones that aren’t. Now comes research 
on the ROI of Web site usability to 
back up the notion. 

A study of 42 e-commerce sites that 
were redesigned for better usability 
found that the sites had a 100% in- 
crease in the sales conversion rate, a 
150% increase in traffic, a 161% in- 
crease in user performance and a 
202% increase in the use of specific, 
desired features. 

The research was done by usability guru Jakob Nielsen at Nielsen Norman Group in San Francisco. Nielsen says he was pleased to see that the redesign projects allocated an average 10% of their budgets for usability improvements — up from 6% in an earlier study — but he says it should be even higher. 







Software costs are the most misunderstood, poorly managed costs within IT organizations. Good software asset management must begin with cost modeling to identify the long-term costs and possible risk exposure associated with licensing software. Contracting for software entails more peril than IT commodity items, yet we continue to see IT organizations - and more often, project teams - fall for vendor hype, with negative results. The importance of cost modeling cannot be understated. In these lean economic times, locked-in software costs cannot be reduced, which prevents effective cost control. Our research continues to indicate that more than 70% of software cost models fail to illustrate the total economics of software acquisition. 

- William Snyder, analyst, Meta Group Inc., November 2002 


MORE RESOURCES 


Our ROI Knowledge Center has research links, tutorials 
and news. Visit our Web site: 


QuickLink k2340 
www.computerworld.com 





The ROI Metrics Scorecard 


Which of the following financial calculations does your organization 
perform when deciding to make a major IT investment? 




BASE: 113 IT managers involved in IT spending decisions; multiple responses allowed 


SOURCE: COMPUTERWORLD.COM, JANUARY 2003 
The Next Chapter 

Predictions: Wall Street analysts will start tracking corporate IT investments. And CIOs will find their pay linked to delivering ROI. 


■ WALL STREET CARES 

Executives of public corporations will begin disclosing large capital investments as part of their quarterly analyst calls by end of 2003. By the end of 2004, 30% of IT spending will have to pass a board of directors’ capital-approval process. 

- Craig LeGrande, co-founder and managing director, Mainstay Partners LLC, 

■ VENDOR CALCULATORS 

ROI is here to stay. Chief financial officers are pleased with the structure it brings to IT decision-making, and CIOs can finally sleep well at night knowing they can prove the value of their decisions. But during the next 12 months, we’ll see the death of the automated ROI calculators from vendors. They’re just sales tools that few people trust. 

- Ian Campbell, chief research officer, Nucleus Research Inc., Wellesley, Mass. 

■ COMPENSATION LINKED 

CIOs and other IT executives will find their compensation directly linked to their ability to provide ROI to their companies, using a complex formula that monitors effectiveness and efficiency. The formula will take into account the complexity of a company’s operations, how quickly the company and its market are changing, and how well the IT organization has been able to address the needs of the business. 

- Bruce Barlag, president, The Hackett Group, Atlanta 





■ ROI MYOPIA 

Clients say they can’t do any projects that don’t provide a payback within one year. And look at their IT investment portfolios — they have a lot of small projects that result in incremental improvements. The breakthrough stuff of real competitive advantage is gone. ROI is a great discipline for cutting costs, but we’re in danger of developing ROI myopia and missing opportunities to grow revenue and market share. 

- Eileen Birge, vice president, The Concours Group, Kingwood, Texas 


■ FINANCIAL PENALTIES 

CIOs and vendors will begin to truly collaborate on ROI analysis — and tie compensation to achieving financial returns — by hammering out ROI service-level agreements. If vendors fall short in meeting the SLAs, they’ll be asked to make corrections or suffer financial penalties for continued failure. On the flip side, suppliers who substantially exceed the benchmark will be able to extract benefits like additional revenue, testimonials and other marketing support. 

- Tom Pisello, president and CEO, Alinean LLC, Orlando 

■ CRM TRENDS 

Customer relationship management projects will experience the following trends in the next few years: They’ll be smaller, more focused and self-funded from cost savings or new revenue. ROI metrics will be geared to specific vertical industries, such as the automotive, financial services and pharmaceutical industries, instead of being generic. And the goal of many CRM projects will be to identify the most profitable customers vs. the low-value customers. 

- Adam Klaber, global leader for CRM, IBM Business Consulting Services, New York 


■ LOW-TECH CIOS 

It’s ironic that finance departments routinely use sophisticated technological models to manage risk and value investment portfolios, but IT departments have not seriously applied financial modeling techniques to assess the true value of IT projects. That will change in a few years. 

- Ray Trotta and Chris Gardner, co-founders, iValue LLC, New York 

■ VIABILITY CHECK 

Wall Street analysts, ratings agencies and banks will begin using an evaluation of IT ROI as they determine a company’s viability, its future prospects, the credibility of its forecasts and its ability to deliver customer and shareholder value. 

- David Axson, managing director, The Hackett Group 

■ CULTURE COUNTS 

By the year 2007, 90% of companies will budget for the cost of culture change and factor that into the ROI equation. Companies will no longer turn a blind eye to having billions of dollars’ worth of technology sitting unused in closets due to “adoption resistance” by people in the company. 

- Joe Santana, co-author of Manage I.T. (Lahaska Publishing, 2002) 

Finance 101 

When it comes to calculating benefits, chief financial officers have been assessing tangible and intangible benefits for years, and it’s made an issue only by IT folks and consultants who know little about finance. During the next two years, we’ll see finance departments mandating a common structure and consistency when assessing benefits. If you’re an IT person today, dig out your old finance textbook and start reading. 

- Ian Campbell, chief research officer, Nucleus Research 

■ VISUAL MODELING 

Company executives must find a way to shorten the gap between an ROI prognostication and the actual outcome. In three to five years, visual modeling will gain momentum as a way to improve the accuracy of ROI forecasts. Information captured in the upfront design of an IT initiative will provide critical underlying data about tangibles and intangibles, which will make ROI calculations more in sync with what actually pans out. 

- Faisal Hoque, president and CEO, Enamics Inc., Stamford, Conn. 

■ PORTFOLIO TRACKING 

Low returns on large capital investments will stimulate the use of portfolio-tracking software for IT investments. That will boost the market for project and portfolio management software by up to 15% in 2003. 

- Sanjeev Agrawal, co-founder and managing director, Mainstay Partners 
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BI/B2B Data Architect 
SchiumbergerSema seeks a 
Bi/B2B Data Architect for our 
Office in Raleigh, North Carolina 
to participate in the develop- 
ment and support of various 
applications within a fast-paced 
environment. As a member of 
the Enterprise Intelligence 
Team, you will be involved with 
development efforts for internal 
B2B and BI applications that are 
conducted using Microsoft tech- 
nologies (ASP, VB, C++ 
BizTalk) and the Cognos 
Product Suite (impromptu Web 
Reports, Powerplay Enterprise 
Server, Cognos Query). You wil 
also provide support for the fol. 
lowing applications: Kronos 
Timekeeping System, Humanic 
Human Resources Information 
System, RDBMS (Oracle 8.17 
and SQL Server) and the 
Cognos Product Suite 
Additional duties include support 
of Movex Business Process 
Warehouse (BPW), software 
process design, programming 
debugging and testing 
Requires: Bachelor's Degree in 
Computer Science, Computer 
Engineering Electronic 
Engineering, Mathematics or a 
related field and two years of 
experience in support and 
development of the Kronos 
Timekeeping System, Humanic 
Human Resources Information 
System, the Cognos Product 
Suite and RDBMS 
Administration (Oracle and SQL 
Server). Please send resume to 
SchiumbergerSema Attn 
Personne! Dept #SS/002 
30000 Mill Creek Ave., Suite 
100, Alpharetta, GA 30022 


) 
E.O.E 


Business Systems Leader 
CA. Must be a sea- 
‘ofessional who will man- 
age projects working w/teams that 
may include members of program- 
ming staff & end-users. Interpret 
bus. end-user needs for all compc 
nents of HR/Payroll area & t 
late into business sys. solutions 
through configuration of SAP R/3 
HR/Payroll Module, dev. Proto- 
types, test plans for modified con- 
figuration/software & provide test- 
ing w/end-users to ensure solution 
integrity. Responsible for sys. secu- 
rity & upgrades w/HR/Payroll mod- 
ule. Support all SAP R/3 technic: 
needs associated with HR & Payrol 
functional area as member of the 
MIS Dept., eval. HR/payroll busi 
ness probs., identify/specify apy 
cation &/or sys. reqs., eval. vendor 
packages & implement req. soft- 
ware. Provide supportitrain on soft- 
ware, basic hardware & bus. Solu- 
tion questions for end-users. Assist 
development of more complex SAP 
R/3 repots & data interface w/ven 
dor for HR/Payroll area. Prepare 
training materials & documentation 
of sys. changes, configurations, up- 
grades & enhancements to enabie 
overall training. Bachelor's Degree 
in MIS (or foreign equiv), 2 yrs IT 
exp. & 2 yrs exp., which may have 
been gained concurrently, on SAP 
R/3 HR/Payroll configuration as 
Systems Analyst/Programmer Ana 
Resumes to (no calls): M 
Hudson RCI, 27711 Diaz 
Rd, PO Box 9020, Temecula, CA 
92589-9020 


Computers-Database Adminis- 
trators needed. Seeking qual 
candidates possessing MS or 
equiv. and/or rel. work exp. Part 
of the required rel. exp. must 
inciude 1 yr. working with data- 
base administration & Enterprise 
Manager. Work with 3 of the fol- 
lowing: Enterprise Manager, Or- 
acle, PL/SQL procedures, Del- 
phi, C, Crystal Reports, Quick 
Reports, Universal Installer, 
SQL Navigator. OCP certifica- 
tion is a plus. Fwd. resume & ref 
to Applied Econometrics, Inc. 
Attn: HR, 100 University Drive. 
Amherst, MA 01002 
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Bi Web Developer 
SchiumbergerSema seeks a Bl 
Web Developer for our office in 
Raleigh, North Carolina to par- 
ticipate in the development and 
support of B2C and B2B appli- 
cations within a fast paced envi- 
ronment. As a member of the 
Enterprise Intelligence Team 
your responsibilities will include 
support and development using 
Vignette Content Management 
Server. Tool Command 
Language (TCL) Flash 
Photoshop 6, Crystal Reports 
and Microsoft technologies (VB 
ASP, Commerce Server 2000 
SQL Server 2000). Additional 
duties include support of Movex 
ERP system and web front end 
support, PMX Core (e-com- 
merce engine), WebTrends 
Developers Kit, Cognos Product 
Suite (Impromptu Web Reports 
Powerplay Enterprise Server 
Cognos Query), and application 
debugging and testing 
Requires: Bachelor's Degree in 
Computer Science, Computer 
Engineering, Mathematics or a 
related field, and two years of 
experience in support and 
development of Vignette 
Content Management Server. 
Tool Command Language 
(TCL), Fiash, Crystal Reports 
and Microsoft technologies 
Please send resume to 
SchiumbergerSema Attn 
Personnel Dept. #SS/001 
30000 Mill Creek Ave., Suite 
100, Alpharetta, GA 30022 
E.0.E 


COMPUTER PROFESSIONALS 
Opportunities for 


* WEB ARCHITECTS, 
DEVELOPERS 
SYSTEMS ANALYSTS 
WEB GRAPHIC DESIGNERS 
NETWORK ENGINEERS 
* PROGRAMMER/ANALYSTS 
* SOFTWARE ENGINEERS 


SKILLS 


* COLD FUSION + SPECTRA 

* ORACLE + VISUAL BASIC 

* VISUAL C++ + SIEBEL * ASP 
* COM, DCOM « JSP * HTML 

+ JAVA, JAVA BEAN + EJB JAVA 
SERVLETS + WEBSPHERE 

+ IBM MQ SERIES + XML,UML 
* MTS * CLARIFY * PERL 

+ OBJECTPERL « SPYPERL 

* SMALLTALK + PL/SQL 

+ VISUAL AGE + COBOL, SPL 
UNIX 


Visit our website @ 
www.computerhorizons.com 


Attractive salaries and benefits. 
Please forward your resume to: 
H.R. Mgr., Computer Horizons 
Corp., 49 Old Bloomfield 
Avenue, Mountain Lakes, New 
Jersey 07046-1495. Call 973- 
299-4000. E-mail: jobs@ 
computerhorizons.com. An 


Equal Opportunity Employer M/F 


Senior IT Consultant - Atlanta, 
GA. Plan & direct implementa- 
tion & customization of ERP 
(Enterprise Resource Planning) 
systms to fit clients’ business 
needs. Consult w/managerial & 
systms analyst personnel! to 
clarify needs, identify problems, 
suggest changes, & determine 
extent of prgmg & coding reqd 
Manage IT personnel in dvipg 
maintaining, improving & sup- 
porting ERP s/ware implementa- 
tion projects. Modifies proce- 
dures to increase efficiency &/or 
adapt to new reqmts using ERP 
systms. Supv overall dvipmt of 
prgms. Supv & train subordi- 
nates in ERP sysims dvipmt. 
Proposes ERP systms to clients 
in achieving bus solutions. BS in 
Comp Sci or Engg (or foreign 
equiv) & 5 yrs exp in ERP 
systms dvipmt, inci 2 yrs project 
mgmt exp. $75K. Resumes to: 
Vedic Group, H.R., 14202 
Parkview Lane, Alpharetta, GA 
30005 


|B enV acne 


Product Manager, Commercial 


GE Network Solutions, a major 
designer and developer of geo- 
graphic information systems 
software for the telecommunica- 
tions industry has an opening in 
its Englewood, Colorado, office 
for a Commercial Product 
Manager who will develop new 
product initiatives and product 
collateral for GIS software; as 
well as develop marketing and 
business strategies and material 
for technical solutions, sales and 
service for customers. The prod- 
uct manager will also represent 
GENS to industry organizations 
review proposals for GIS prod- 
ucts; and complete risk assess- 
ment, orders forecasting and 
operating margin determination 
for product contracts. Additional 
responsibilities include resear- 
ching industry-wide technical 
advances and market financial 
trends; managing relationships 
with external partners; and 
preparing proposals for software 
licenses and contracts 

Qualified applicants will have a 
minimum of six years experi- 
ence developing geographic 
information systems software for 
the telecommunications indus- 
try 

Applicants should send resumes 
to Kristin Gillen, GE Network 
Solutions, 5600 Greenwood 
Plaza Blvd Suite 300 
Englewood, CO 80111 
Applications wili be accepted via 
mail only, not by fax or email 
please reference job number 
R2154SC 


Lead Oracle/internet Developer 
sought by pharmaceutical R&D 
Co. in Princeton, NJ. Candidate 
must have a Master's degree or 
equiv in Comp Sci & at least 5 
yrs of exp in IT, specifically appli- 
cations development. The fol- 
lowing skills are required: 1+ 
years in pharmaceutical industry;
exp w/business development
environment and Strategic
Intelligence function; min. 3 yrs.
exp in web development using
Java/JSP/Servlets/Oracle (versions
7-9i, Oracle Application
Server 9iAS); Oracle DBA certification;
exp w/ Documentum
WDK 4.2.4; Documentum Web 
Development Kit; exp w/ data 
modeling using ERWIN & Visio. 
exp in full life cycle software 
development of IT projects & 
applications including design 
development, testing and deliv- 
ery. Ability to lead a small team. 
manage vendor responsibilities 
on projects; possess excellent 
verbal/written communication 
skills in order to provide techni- 
cal options to business users 
Send resume to: Strategic 
Staffing, BMS, M/S E14-12 
Route 206 & Provinceline Road 
Princeton, NJ 08540 Job Code 
NS-788 


Sr. Programmer Analyst for 
requirements analysis, design, 
test, integrate, evaluate web 
based object oriented applica- 
tions using MVC, J2EE & 
Websphere studio. Software 
engineering using Rational Unified
Process; build Java applns.,
web services using HTTPS &
SOAP; design mail agents using
MQ Series, JavaMail, JMS,
Oracle9i & Websphere. Provide
tech. supp., PM, & troubleshooting;
monitor performance using
jProbe; debug & maintain existing
applns. Write specs., documentation
& programs for software
applns. in wide range of
networking environments 
Requires MS in Computer 
Science + 1 yr. of exp. in 
Software Develop. Competitive 
salary Apply to Software 
Superheroes, LLC, 4867 
Ashford Dunwoody Road,
#5003, Dunwoody, GA 30338 
with proof of permanent work 
authorization in US. 


As the world's largest Options 
Exchange, the Chicago Board 
Options Exchange (CBOE) 
we rely on the latest tools and 
technology to maintain market 
leadership in the options 
industry. Our Systems depart- 
ment plays an integral role in 
ensuring that our growth con- 
tinues. We currently have the 
following opportunities 


* Engineer 
(job id#: MGCW/309383) 
* Sr. Programmer Analyst 
(job id#: MGCW/308482) 
* Programmer Analyst 
(job id#: MGCW/301680) 


As part of the CBOE, you will 
enjoy a competitive salary and 
excellent benefits. For further 
consideration, please e-mail 
your resume to
cboe@hiresystems.com. To
ensure appropriate routing of
your resume, please reference
the above job id# in the
subject line of your e-mail.
For further information regarding
these opportunities as well
as other opportunities, please
visit our website at
http://www.cboe.com. CBOE
is an equal opportunity 
employer M/F/D/V 


InfoGroup NW seeks CSA for HQ 
office in Eugene, OR. DESC 
Anlyz. existing info. sys. & user 
reqs. Specify, order, install, & cus- 
tomize hardware & s/w for corp. 
web based customer service & 
tech. support site util. IRM 
Tracker, OpenView. Dsgn, dev, & 
impl. RDBMS & web apps. util
PHP, MySQL, PostgreSQL, SQL 
Server, Clearcase, JavaScript 
EJB, JDBC/ODBC, JBoss, XML, 
Perl, ASP, & shell script on Unix & 
Win o/s. Build & test web & app. 
servers & install o/s, bundled s/w
packages. REQ: BS in Engr, CS. 
or rel. field of study + 1 yr. exp. 
dsgn, dev, & impl. RDBMS & rel. 
web apps util. IRM, MySQL, PHP, 
Clearcase, PostgreSQL, EJB. 
JBoss, SQL Server on Unix & Win 
plats. Prem. sal. + benes. Pls. 
reply to S. Rexius, Job#IG-101 
2225 Coburg RD, Eugene, OR 
97401 


CLIENT-SERVER APPS ANA- 
LYSTS. provide tech support for 
claims and/or financial systems. 
and seamless integration with 
other in-house systems 
implement functions incl. operation
setup, conversion, migration,
etc. Perform data warehousing
& mining. Bachelor's
degree in Comp Sci, Comp 
Eng'g or related, plus 2 yrs exp. 
as programmer, software eng'r. 
sys analyst or related is accept- 
able. Applicant must have 
knowledge/experience of SQL 
data base and Crystal reports. 
MS operating system 2000 & 
Visual Studio Suite of products 
Proof of U.S. Work auth req'd 
Resumes to: L. Cannady/Motion 
Pic. Indus. Pension & Health 
Plans, 11365 Ventura Blvd,
Studio City, CA 91604. No calls 
please 


Database Administrator
wanted by Digital Mktg
Agency in CT. Create
database design & modeling;
maintain production
& dvlpmnt database enviro;
resolve database
problems; assist in dvlpmnt
of tech design docs.
2yrs exp in job offered 
req. Respond to: HR 
Mngr/EURO, 372 
Danbury Rd, Ste 100, CT 
06897. 


Senior Software Developer 
Consultant. Provide tech leadership
for dsgn & dvlpmt of
Internet & Intranet applics using
MS tools & products; dvlp inventory
mgmt & e-commerce
applics for B2B envrmt; eval 
user requests, analyze current 
operational procedures, identify 
probs, learn specific input/output 
reqmts & clarify prgm objectives; 
formulate & implmt plans to dvlp
& deploy applics for internal use 
& sales to customers; & provide 
structured analysis & dsgn of 
project specs for coding in comp 
lang. BS in Comp Sci or engg or 
related field +4 yrs exp in job 
offd or as Prgmr/Analyst or simi- 
lar duties under different job title 
Exp to incl Unix, Unix CVS, MS- 
DOS, Win NT 4.0, Oracle 7.x/8.0 
& Oracle Reports, SQL Server 
COM & HTML. Must be certified 
in MS VB, Oracle Prgmg, & 
Active Server Pages Prgmg 
40hrs/wk, $48K/yr. Must have 
proof of legal auth to work in US. 
Send resume to IA Workforce 
Center, 215 Watson Powell Jr. 
Way, Ste 51, Des Moines, IA 
50309-1727. Please refer to Job 
Order 1A1101678. Employer 
paid ad 


Positions are available for 
Software Development Engineer
II in Atlanta with a technology
solutions company. The compa- 
ny architects and designs next 
generation software for point-of- 
sale and Internet systems in the 
retail industry including enter- 
tainment, petroleum with conve- 
nience or food stores, and 
restaurants 


The Software Development 
Engineer II is primarily responsible
for developing financial
reporting software for major sub- 
systems or sets of applications. 
Specific responsibilities include 
analyzing, programming, debug- 
ging, & modifying computer pro- 
grams for end user applications. 


Candidates for these positions 
should possess a Bachelor's 
degree in Computer Science or 
a related field and at least two 
years’ experience in a point-of- 
sale retail environment including 
software documentation, utilities 
and job control languages 
including SQL, data modeling, 
OO design, and Visual Basic.
Apply with resume by mail to: 


Christie LoCurto 
Radiant Systems, Inc. 
3925 Brookside Parkway 
Alpharetta, Georgia 30022 


Developer: 2 yrs exp w/ 
CCOM,DCOM & back 
end MS SQL Server 
Relational Database De- 
sign & Implementation 
Enterprise Integration 
Application Tools & prior 
exp. w/ financial apps 
req'd. Submit resume to 
Dara Ambrose Judge 
Technical Services 1800 
Diagonal Rd. Suite 250, 
Alexandria, VA 22314 


Software Engineer wanted by 
medical software developer to 
perform research, design 
coding and testing of medical 
software applications using 
Java programming language, 
Enterprise Java Beans, with 
Oracle and Weblogic applica- 
tion server Bach in 
Computer Engineering req- 
uired. Send resume to Hamid 
Amjadi of Prime Clinical 
Systems at 3675 E.

Dr. A, 
GIS Software Quality Control
Specialists (Atlanta, GA & 
Jacksonville, FL): GIS Software 
test planning and preparation. 
Generate test cases and scripts 
using geographically referenced 
data, report and coordinate test 
activities, execute test scripts, 
record results in a defect track- 
ing pool and implement sound 
QA testing practices using 
GNIS, LODE data, GE Small
World, Framme, Microstation & 
Autocad. Communicate and 
resolve QA issues with
Programmers and Developers. 
Develop & initiate quality stan- 
dards for new software tools to 
implement new versions of GIS 
2 years exp. in job offered 
required. Think Resources, Inc. 
280 Technology Parkway, 
Norcross, GA 30092. No phone 
calls please. EOE 
Senior Network Engineer
req’d for CT
telecom co. Must be 
CCIE and have M.S. 
or equivalent, 4 yrs. 
Practical experience 
required. NO TELE- 
PHONE CALLS 
Please. Send Resume
to: attn. Jim
Florwick Globalcom
LLC, P.O. 605, Old
Greenwich, CT 06870


CAD Potential, Inc. seeks Snr 
Applic. Engr./Automation Dev 
Program automation for Manf 
Process using C/C++ 
Unigraphics, UFUNC & GRIP. 
Dev. E-learning system for 
CAD/CAM. BS/Engr.+5 yrs rele- 
vant exp. or MS/Engr.+3 yrs rel- 
evant exp. Also seek Progr- 
ammer/Applic. Dev. dev+main- 
tain 2-tier&ntier appl for e-com- 
merce+corpo use. Using ASP 
VBScript, VB6, J-Script, HTML 
SQLL, etc. Mng & doc code 
changes. BS/Comp SC or 
Engr+1 yr relevant exp. Both 
Westminster job loc. Resumes 
to 1490 Wi2ist Ave 
Westminster, CO 80234, Attn 
HR 


SOFTWARE DEVELOPER, 
for int'l freight fwdg. Co. in 
Morristown, NJ. Req'd to con- 
analysis, dvlpmt &
of proprietary software
for imp/exp sys. in
AS/400 & S36 programs. Dvlp
& test new & revised sys.
Must have Bach. Deg & either
3 yrs exp in job offd or 3 yrs
exp as Progr/Anlst. Must be
exp'd in Java, COBOL, RPG, 
CL & OCL. Send resumes to 
VP, IT-CC, Panalpina, 
1776 On-the-Green/67 
Park Pl., Morristown, NJ
07960 


Financial 
Engineer-Must 
have at least MS 
degree; Employer: 
Pinnacle West 
Capital 
Corporation; 
Location: Phoenix. 
Fax resume to C. 
Enslow at 602- 
250-3007. 


Seeking qualified applicants for 
the following positions in 
Memphis, TN. Senior Programmer
Analyst: Formulate/
define functional requirements 
and documentation based on 
accepted user criteria. Require- 
ments: Bachelor's degree* in com- 
puter science, MIS, engineering or 
related field plus 5 years of expe- 
rience in systems/applications 
development. Experience with
UNIX Shell programming; C
and/or C++; and SQL also
required. *Master's degree in
appropriate field will offset 2 years
of general experience. Submit
resumes to Sibi George, FedEx
Corporate Services, 1900 Summit
Tower Blvd., Suite 1400, Orlando,
FL 32810. EOE M/F/D/V 


Mngmnt Systms Anlyst: Admin,
maintn, dsgn, dvlp, code, test,
instll, & implmnt IT applctns w/
Active Serv Pages, IIS, MTS, VB
Scrpt, Active X DLL, Win 32, VB
API, ADO 2.5, COM, C, Crystl
Rprts Writer, Visual Interdev &
SQL Servr in Win envrnmnts.
Detrmn h/ware, s/ware & instlltn
options. Config & admin the
server. Eval, mang & monitor
d/bases. Dsgn & test new tech
envrnmnts. Integ s/ware mngmnt
systms. Req. Bach or equiv in
Comp Sci, Mngmnt, Buss Admin
or equiv & 2 yrs exp. HR Mngr,
Sky Bird Trvls & Tours, 26500
NW Hghwy, #260, Southfld, MI
48076 Fax: 248-372-4810
(Code # ITNO2) 


F/T Computer Systems Adminis- 
trator. To manage information 
system activities and design 
POS systems using Visual Basic,
Microsoft SQL Server 2000
& 7.0, MS FrontPage, Access
2000, and Vb Script. Must have
4 yrs. of exp. Must have Bachelor's
degree or foreign degree
equivalent in Software Engineering.
Course work must have
included Computer Architecture
& Microprocessor Courses. Salary:
Competitive. Send resumes
to: T. Ford, Le Petit Bistro, Inc.,
5600 Roswell Rd., East Bldg.,
Ste 250, Atlanta, GA 30342. No 
Calls Please. 


Solutions Analysts wanted by 
IT comp in NYC to analyze,
design/develop workflow
mgmt systems, carry out
release/debug/quality assurance
processes & automate
regression/business tests/
build processes for Benefit
Workflow and Equity
Applications, PowerBuilder
PL/SQL, Oracle, DB Artisan 
PVCS, Visual SourceSafe 
WinRunner, PowerGen, C++ 
OOD, Visio, Windows, UNIX 
Resumes to Vitech Systems 
Group, 401 Park Ave South,
NY, NY 10016 


PROGRAMMER ANALYSTS 
Analyze/develop/test/Implement 
web-based Info management 
sys. on Windows/Unix platform 
apply OO program.tech: Develop
appl. modules using C/C++
Java and PL/SQL; design GUI
screens and 
queries app to 
with Access/Or Paradox 
database using VB, SQL and 
Crystal Reports; perform debug- 

troubleshooting and user 
ort. Requires BS in 
Comp.Sc., Engr., or MIS, plus 6 
mon. exp. Full- 
itive salary 
Three Rivers S 
Box 4067 St. Louis, MO 
4067 


SBI is looking for the following 
positions for its offices in 
Houston, TX, San Francisco 
CA, Warren, NJ, Salt Lake 
City, UT and Portland, OR 
Programmer Analysts, Tech- 
nical Architects, Technical 
Consultants, Business Strate- 
gists, Systems Analysts, Soft- 
ware Engineers, Art Director, 
resumes by email or fax only 
to HR, SBI, 2825 East
Cottonwood Parkway, Suite 
480, Salt Lake City, UT 
84121 

careers@sbiandcompany.com 

Fax (801) 733-3201 
Remedy Applications
Engineer / System
Administrator req'd
for CT telecom co.
Must have M.S. or
equiv't + 3 yrs. exp.
NO TELEPHONE
CALLS Please. Send
Resume to: attn. Jim
Florwick Globalcom
LLC, P.O. 605, Old
Greenwich,CT.068 


LAN NETWORK & DATA- 
BASE ADMINISTRATION - 
Maintain all comp. networks 
& databases. Req'd: MS 
in CS/rel'd field. & 1 yr. exp 
as network &/or database 
admin. Exp. w/ MS Access 
& Oracle; AutoCAD, UNIX 
Visual Basic, and PL/SQL 
Exp. w/ network/database 
admin. for eng’g firms 
Send resumes to Hirani 
Engineering, 47 Mineola 
Blvd, Mineola, NY 11501
Attn: J. Hirani 


Infomerica is looking for system/programmer
analysts, software/project
engineers & com-
nsultants.
itinational company
ices all over US
We have openings for various
levels IT professionals.
Applicants must have degree
and experience in the IT field.
Travel maybe required. Please
visit www.cdicorp m for various
positions & submit resumes
EOE


Senior Systems Analyst: Lead 
workgroup for project team to 
support existing systems and 
ojects. Support and 
elop systems in mainframe. 
Client-Server, mid range,
PC/LAN or PC Stand Alone.
Budget and project costs to IT
Mgmt. Perform need based special
assignments. Bachelors
Degree with relevant experience
or substantial relevant experience.
Resume to: HR, Carlson
Wagonlit Travel, 3200 North 
Central Avenue, Suite 400 
Phoenix, Arizona 85012 


DATA MANAGEMENT ASSOCIATE
(DATABASE DEVELOPER)
sought by pharmaceutical research 
and development company 
Wallingford, CT. 
have a minimum 
Science degre plied Mathe- 
matics, Statistics or Computer Sci- 
ence (with coursework in applied 
mathematics or statistics). Know- 
of data management and 
data collection and evaluation
a plus. Strong leadership and
communication skills required 
Send resumes to: Strategic Staffing 
Specialist, Job ’ 
Bristol Myers Squibb Co., P.O 
4000, Mail Stop E 14-12, Princeton. 
NJ 08540. 
COMPUTER

Inovant currently has opportunities
in the San Francisco
Bay Area (Foster City and 
San Mateo, CA), Highlands 
Ranch, CO, Portland, ME, 
and Austin, TX for: 


* Software Engineers
* Systems Engineers
* Systems Programmer Analysts
* Systems Management Analysts
* Service Managers
* Technical Support Analysts
* Network Engineers
* Database Administrators
* Business Analysts


All Levels: BS (or equiv) or 
MS & up to 5 years of experience
required. Some travel
may be required. You may 
send a resume to Inovant 
P.O. Box P, San Mateo, CA 
94402. Attn: Bobbie M2- 
12G. Please indicate position 
of interest. EOE 


INOVANT 


JUNIOR PROGRAMMER/ANA- 
LYST to analyze, design, devel- 
op, test, implement and main- 
tain web-based application soft- 
ware using Java, JSP, J2EE 
EJB, Servlets, VB, Java Script,
Oracle, VB Script, Visual 
Interdev and Web Services 
under Windows operating sys- 
tem; Perform duties under close 
supervision of project director to 
ensure accuracy and that pro- 
ject progresses according to 
prescribed instructions and 
expected results are met 
Require B.S degree in 
Computer Science/Engineering 
or a closely related field with one 
year of experience in the job 
offered or as a Programmer 
Extensive travel on assignments 
to various client sites within the 
U.S. is required. Competitive 
salary offered. Send resume to 
Srinath Duddilla, President 
SunPlus Data Group, Inc., 3783
Presidential Parkway, Suite 130,
Atlanta, GA 30340; Attn: Job 
KD 


Web Developer to develop & 
administer large-scale corporate 
Web site w/remote Oracle data- 
base connections develop 
back-end integration strategies 
w/Oracle applications, SQL & 
related modeling tools; perform 
computational simulations 
develop, test & integrate NSAPI
applications in C/Java & main- 
tain & improve database authen- 
tication system Respon. for 
Oracle database backup & 
changing database schema 
Min req's: BS in Comp. Sci 
Engineering or related field; and 
1 yr. & 6 months exp. in position 
or as Software Engineer/System 
Analyst respon. for developing 
Internet applications & related 
interfaces using Java/C for 
remote Oracle or related data- 
base technologies. Must have 
unrestricted authorization to 
work in U.S. M-F, 9:00am- 
5:00pm, 40+ hrs/week. Salary 
range: $69,000 to $110,000/yr. 
An EOE Send 2 copies of 
resume to Case No. 200115656 
Labor Exchange Office, 19 
Staniford St., 1st Fl., Boston, MA 
02114 


Software Engineers: Apply 
knowledge of software architec- 
ture to perform software devel- 
opment tasks associated with 
the modification, design, devel- 
opment, and debugging of soft- 
ware applications. Provide input 
to team leader and/or manager 
to develop schedules, mile 
stones, and priorities. Req. BS 
or equivalent in CS or 
Engineering, or related field 
plus proficiency in Java 2 SDK 
Oracle Spatial, ArcView, and 
ARC/INFO on NT and Unix 
Platforms. 40hr/wk, 9-5,$50k- 
$65k/yr Contact Byers 
Engineering Co., 6285 Barfield 
Rd. Atlanta, GA 30328. Attn 
Recruiter 


PROGRAMMER/ANALYST to 
analyze, design, develop, test, 
implement and maintain application
software in mainframe
and web-based environments; 
using Cool:Gen, IEF Composer, 
DB2, VS COBOL, JCL, CICS 
File-Aid, Comparex, CA-7 Job 
Scheduler, Endevor, Sync Sort, 
Visual Basic, DTML, Python 
Java, Java Script, XML/XSL, 
SQL Server and My SQL 
Require: B.S. degree in 
Computer Science, an Eng- 
ineering discipline, or a closely 
related field with two years of
experience in the job offered 
Competitive salary offered 
Apply by resume to: Frank 
Beaman, Global Software 
Development Services, Inc.,10 
South Fifth St., Suite 600. 
Minneapolis, MN 55402; Attn 
Job VA 


Computer Programmer 
Numeric LLC seeks Computer 
Programmer in our Chicago, IL 
loc. Involves SAS program- 
ming for clinical/pharmaceutical 
trials including for experimental 
design, protocol review, case 
report form design, database 
structure & statistical analysis
plans. Develop & validate SAS 
programs, create and manage 
data sets, stat analysis, and sta- 
tistical reports. Must have a 
Bachelor's in Comp. Sci 
Statistics or related field and 
min. 1 yr relevant exp. Send 
résumé to Zach Davis, Numeric 
LLC, 233 East Lancaster Ave. 
Ardmore, PA 19003 


Programmer Analyst, 
PCBs: Fulltime, competitive
salary offered. Requires
Bachelor degree in Comp- 
uter Science and 1 year 
experience in job or 
Instrument Engineer, PCBs. 
Must have proof of legal 
authority to work perma- 
nently in the U.S. No phone 
calls. Interested applicants 
Continued from page 1

iSCSI

with iSCSI over the same wire,” said Bryce Mackin, chairman of marketing for the IP Storage Forum in the Storage Networking Industry Association, a trade group in Mountain View, Calif.

Joe Bishop, a database systems engineer at NASA's Jet Propulsion Laboratory in Pasadena, Calif., said the lab plans to install an iSCSI network within the next 30 days or so. It will use an iSCSI software kit from Network Appliance Inc. that is being announced today. The iSCSI protocol upgrade for NetApp’s 800 and 900 series arrays is free.

The network will be used to back up Sun Solaris servers, which hold flight, financial and project management data in Oracle databases, to network-attached storage devices made by NetApp.

“We want fail-over capability between buildings on our campus,” Bishop said. By using iSCSI, the lab can take advantage of its existing IP network and avoid the need to install new cabling, he added.

Joe Stocker, a network coordinator at Safeco Corp., an insurance and financial services company in Seattle, said he plugged in a 1.5TB iSCSI array in November to offload data from three Compaq ProLiant servers that were using about 90% of their storage space at the time. The array, made by San Diego-based IP SAN appliance start-up StoneFly Networks Inc., cost $25,000 and took just one hour to install, Stocker said.

Although he doesn’t think iSCSI technology is robust enough for large server environments, Stocker noted that the technology suited his purposes perfectly. For example, iSCSI required no additional network configuration work or IT training expenditures, as Fibre Channel technology would have, he said.

It will take time for iSCSI to mature into an enterprise-class storage technology, said Tony Prigmore, an analyst at Enterprise Storage Group Inc. in Milford, Mass. But iSCSI will eventually find its way into data centers as an alternative to Fibre Channel technology for some applications, he added. “We expect it to earn its stripes on the periphery and then, over time, migrate to elements of the core infrastructure,” he said.

The protocol got off to a rough start last year when IBM stopped development of native iSCSI arrays after its IP Storage 200i appliance met with poor sales [QuickLink 30960]. The company still offers the 200i, but Roland Hagan, vice president of marketing for storage systems, said that in the future, IBM will likely resell iSCSI devices made by other vendors instead of developing its own technology.

Despite IBM’s pullback, many small vendors are already shipping iSCSI arrays, switches and host bus adapters. And industry leaders such as Hewlett-Packard Co., Dell Computer Corp. and EMC are expected to roll out devices during the next few months.

Another important milestone will be Microsoft Corp.'s release of iSCSI software drivers for Windows. Microsoft said via e-mail that drivers should be available for Windows 2000, Windows XP and the upcoming Windows Server 2003 within 90 days.

A SAFE BET

An iSCSI array provides a quick and scalable fix for Safeco: QuickLink 36362

HOW IT WORKS

* The iSCSI protocol uses IP-based networks to connect servers to storage devices.
* It encapsulates data and SCSI commands in TCP packet headers before sending them over a network.
* Once the packets arrive at a storage server, the headers are stripped off, and the data is stored.

SOURCE: MICROSOFT CORP.

Continued from page 1

Datacenter

Under the current Datacenter program, OEMs are responsible for rigorously testing a complete hardware and software configuration — which typically includes a server, operating system, attached storage, storage backup utility and antivirus software — to ensure that it will provide the sort of reliability and performance customers expect from high-end systems. The test configuration must run for 14 days without a failure.

Under the new program, Microsoft has streamlined the process so low-level component changes can be tested more quickly and reliably. Drivers or application components such as antivirus programs and backup utilities can be tested in as little as one day, once they have been certified through VeriTest, the testing arm of Lionbridge Technologies Inc. in Waltham, Mass.

Bob Crownhart, an IT director at Premera Blue Cross in Mountlake Terrace, Wash., said the new, streamlined process could help his company. He recalled a case in which Premera wanted to shift to a new driver level, only to learn that Unisys Corp. hadn’t certified it yet. Consequently, Premera had to make sure Unisys and the other vendor hooked up to work out the issue. “It was aggravation and delays,” Crownhart said.

But the new certification policy won't help every customer. Koeneke said he was considering five storage vendors, but of those, only EMC Corp.’s had been included in a configuration that Unisys had tested. He recalled that he was once given a price tag of more than $100,000 to test a configuration that differed from the one Unisys had tested, though he was able to negotiate his way out of paying it.

Bob Ellsworth, director of Microsoft’s Windows server product management group, acknowledged that substitutions of major components like storage subsystems in a Datacenter configuration will still require the 14-day retest. To address that, Koeneke wants Microsoft to come up with a set of predefined standards for vendors to achieve Datacenter certification.

Ellsworth said Microsoft has heard that suggestion from some customers but isn’t yet ready to support that kind of change. “It’s something that we're investigating,” he said.

Tony Iams, an analyst at D.H. Brown Associates Inc. in Port Chester, N.Y., predicted that the program changes will make it easier to certify products on Datacenter, thereby making more systems available to customers. That, in turn, might spur more Datacenter usage, he said.

Another change that’s catching the attention of some customers is the set of new support options that will take effect April 24, with the release of Windows Server 2003. OEMs will no longer be the only choice for support. Instead, users will gain the option to contract for support from resellers, systems integrators or Microsoft.

Customers that have premier support contracts with Microsoft will gain the benefit of having Datacenter as an included product. But they will need a separate registration if they want access to Microsoft’s High Availability Resolution Queue, a 24-hour direct hot line to engineers who can solve their problems.

Pricing hasn’t been announced for the high-availability resolution program, which is an expansion of the existing Joint Support Queue.

Under the current system, OEMs are supposed to serve as the single point of contact, coordinating support among the various vendors that touch the Datacenter system. It remains to be seen how the new system will play out, since some early adopters don’t appear to be following the existing program’s procedure for requesting support.

Larry Godec, CIO at First American Title Insurance Co. in Santa Ana, Calif., said he already gets high-availability resolution. When his company has problems, it calls Microsoft, which has “jumped through hoops” to resolve them, he said. Godec said his company’s OEM, Unisys, was mentioned as the single point of contact during a couple of conversations, but Microsoft didn’t balk in helping out when called first.

Koeneke, too, said he isn’t shy about going directly to Unisys, Microsoft or his company’s storage vendor, Hewlett-Packard Co., with problems. He said he can’t imagine going with a consulting organization for support.

“They aren’t in the engineering team at Unisys, Microsoft or HP,” he said. “Microsoft is going to get bogged down with certifying a bunch of resellers of support, and I personally have yet to see delivery on repair of the existing OEM support provision.”

TURES RUNDOWN

Microsoft says it has improved the reliability of Windows Server 2003: QuickLink 36373 www.computerworld.com
UCITA: Not Dead Yet

IS UCITA DEAD? Nope. True, only two states have adopted the proposed software licensing law called the Uniform Computer Information Transactions Act, and it’s opposed by a wide range of legal, consumer and IT organizations. And true, the American Bar Association just washed its hands of this “model” legislation that’s notorious for giving software vendors a green light to booby-trap their products (see story, page 6).


But dead? Don’t kid yourself. 


The National Conference of Commissioners 
on Uniform State Laws (NCCUSL) has worked 
on UCITA since the 1980s. It was originally 
going to be part of the Uniform Commercial 
Code (UCC), a set of standard laws that make 
it easier for companies to do business through- 
out the U.S. Under the UCC, laws governing 
many commercial activities are the same from 
state to state. 

And uniform state laws relating to software 
licenses would be good for software vendors 
and software customers alike — right? 

The NCCUSL’s lawyers spent a decade getting
input and dealing with complaints and negotiating
language. They did their best.

But UCITA ended up heavily slanted toward 
the interests of software vendors. It was so 
deeply flawed that by 1999, the NCCUSL’s part- 
ner in drafting UCC laws, the American Law 
Institute, refused to work on it. Since then, 
groups ranging from the American Library Association
to the FTC, IEEE, the Society for Information
Management and a long list of corporate
IT users have come out against it. Its
main supporters are software vendors. 

What’s so awful about it? UCITA lets ven- 
dors change default license terms at will, with- 
out informing customers. And disavow any re- 
sponsibility for bugs. And sue a customer in 
any state of their choosing. 

Under UCITA, software vendors 
could booby-trap software so they 
could remotely disable it if a cus- 
tomer was suspected of violating 
the software license. 

It’s a bad law. And today, UCITA 
looks dead in the water. No state 
has adopted it since 2000, and three 
states have passed laws that actual- 
ly block UCITA provisions from be- 
ing enforced. It has no real chance 
of ever offering the benefits of a 
truly uniform law. 

So why doesn’t it just die? Why
doesn’t the NCCUSL junk it and draft new software-licensing
legislation that could actually
become law in most states?

There’s a clue in what NCCUSL President 
K. King Burnett wrote to the ABA last Monday: 

“After meeting with many section officers 
and other leaders of [the ABA] concerning the
Uniform Computer Information Transactions 
Act, it is apparent that there is a strongly held 
view among a number of sections and dele- 
gates that this body shouldn’t take a position 
on the merits of UCITA. You are our friends, 
we respect your views. 

“We brought UCITA to you and attempted to 
present its merits in a manner that befits the 
standards of our organizations. In this respect, 
we have done our duty — we have no plans to 
bring this act back to the House. Based on the 
recommendation of so many of you, we have 
decided not to ask this House to take a position 
on this act.” 

He sounds wounded, doesn’t he? His feelings 
have been hurt. He’s done his duty, tried his 
best. But his baby has been rejected, and he 
won't expose it to further ridicule. 

That’s why UCITA won't die. For the NCCUSL, UCITA is a matter of pride, of craftsmanship, of history. The NCCUSL has invested 15 years of work, sweat and negotiation in UCITA, in recent years fighting almost alone in the face of massive opposition. Burnett and his group are too proud to start over again. And since the NCCUSL holds the monopoly on drafting uniform laws, it’s UCITA or nothing.

And that means it’s nothing — at least until someone persuades the NCCUSL to swallow its organizational pride, start from scratch and get it right.

No, UCITA’s not dead. And we'll all have to suffer with that fact until the NCCUSL finally lets it die.
Enterprise Storage Security: Context, Challenges & Solutions

The rapid growth of networked storage finds IT professionals calling for industry standards and best practices. Users must share the responsibility for setting the storage security agenda. Groups such as the Storage Networking Industry Association (SNIA) Storage Security Industry Forum offer an opportunity to do just that.

Over the past several years, a large number of enterprises have built networked storage environments. These storage networks, using technologies such as NAS and SAN, have allowed firms to create scalable, flexible storage infrastructures; improve productivity while reducing management costs; and promote the efficient use of enterprise information sources. Storage networks also help businesses develop cost-effective backup, data mirroring and disaster recovery procedures.

Yet the key assumption behind storage networks—that enterprise data is most valuable when it can be shared, distributed and replicated as easily and efficiently as possible—is also a source of significant risk. As networked storage systems evolve beyond the data center and expand throughout the enterprise, mission-critical data becomes more vulnerable to unauthorized access, alteration, theft and misuse. As storage capacity continues to increase (many enterprises double their capacity every six to eight months), so does the amount of data at risk—and the potential damage such a breach could inflict. The trend toward networked enterprise storage environments is inexorable; the economic and operational benefits of the technology associated with networked storage are simply too significant to ignore.

However, far too few IT professionals have a clear understanding of storage security issues or a firm grasp on the solutions available to them.

In order to help enterprise storage users evaluate their storage security risks, associated security requirements and solutions, this paper will examine the following questions:

• Are enterprise users aware of storage security issues?

• How should we define storage security?

• What types of storage security solutions are necessary?

• What is the best way to achieve these solutions?

Ultimately, storage security isn't simply a matter of finding and implementing the right technology solutions. Businesses must also demonstrate to vendors and solutions providers that they consider storage security an important IT issue, and that they deem storage security a high priority for the industry.


Perception vs. Reality 

Security is obviously a vital concern for any enterprise IT professional. And many IT managers understand that storage networks present unique security challenges, due to the mission-critical nature of enterprise data systems and the potential consequences of a storage security failure.

A recent study conducted by the SNIA Storage Security Industry Forum (SSIF) concluded that enterprise IT managers do indeed consider storage security an important issue, and that most managers have made an effort to improve their companies’ security postures.

On a more granular level, however, the study also found a great deal of uncertainty and unease. An overwhelming number of end users don't know if their efforts have succeeded. Those users are frustrated at the lack of best practices, industry standards and even a basic common language for discussing storage security issues with vendors. Moreover, most users rely on default security features within individual vendors’ storage products, rather than adopting a proactive, comprehensive approach.

This uncertainty has a direct (and negative) impact on how IT professionals deal with storage security issues. Based on research conducted by the SNIA SSIF, as well as discussions with leading industry analysts and consultants, IT managers commonly face four storage security misconceptions:

• It’s someone else’s problem. In many enterprises, network administrators, storage managers and system administrators lack the authority, resources and expertise to take responsibility for storage security issues. “The problem is that few IT professionals understand both security and storage,” says Jamie Gruener, a senior analyst with the Yankee Group. “People have expertise in one discipline or another, but there's not much crossover.” As a result, storage security issues often fall through the cracks.

• It can't happen here. IT managers may assume that storage networks are less vulnerable to security failures due to the relatively insular nature of these networks. However, most storage networks emphasize high availability and powerful management tools, rather than robust security; this can expose a storage network to significant vulnerabilities, such as potentially damaging insider attacks. In addition, businesses may associate SAN security procedures with the perimeter defense measures commonly used in corporate LANs, making them even more vulnerable to internal compromise.

• It’s already been fixed. Many IT professionals rely on default security features in storage products as their first—and sometimes only—line of defense. At the same time, many vendors configure their products under the assumption that users will implement network-level storage security solutions. This cycle, in which each party expects the other to take primary responsibility for security, can lead to serious problems.

• It can't be helped. The uncertainty many IT professionals feel over storage security practices may leave them unable even to assess the effectiveness of their security solutions. “There’s an enormous problem caused by the lack of widely understood best practices. In fact, it’s not clear that there even are best practices,” says Mike Karp, senior analyst with Enterprise Management Associates. This uncertainty can make it more difficult for IT managers to sign off on additional security investments, since they lack the context and standards to weigh the impact of those investments.


Defining the Problem 


To avoid these misconceptions, it’s essential to understand where, when and how to recognize storage security risks. Within an enterprise IT infrastructure, those risks involve four key areas:

• Servers, hosts and applications. Even in SAN environments, hosts and application servers are usually linked to the corporate LAN, allowing access to the storage network through these points.

• Storage connectivity. The hubs, switches and directors that link servers and storage systems are also sources of significant vulnerability. Physical transport, for example, is susceptible to wiretapping; traffic interception and redirection; and other forms of attack.

• Storage subsystems and media. Security threats to storage devices, subsystems and media (the physical core of a storage network) can be an even greater threat than access to data in transit, since destroying or damaging these systems may have a devastating impact.

• Management access. Given the power and flexibility of storage networking management tools, inadequate security on a single management console can compromise even the most comprehensive security solution.

These areas of vulnerability suggest that the greatest threat to storage security comes from within the corporate firewall, and perhaps even from within an IT organization—a suggestion supported by research and expert opinion. According to various industry studies, between 50% and 70% of security breaches are attacks by disgruntled employees, contractors or IT staffers. “Insiders far outweigh outsiders in terms of security threats,” says Tom Petrocelli, president of Technology Alignment Partners. “It’s easy enough to mess up a SAN without even trying—imagine what could happen as a result of a truly malicious attack.”

In addition to weighing the likelihood of internal and external threats, firms must consider the security implications of simple errors. If an employee destroys data through a configuration error or other innocent mistake, the loss to the enterprise is just as real as if an intruder had deliberately attacked the system. To make matters worse, senior managers may never learn about these “indirect” security failures due to fear of retaliation, leaving them unaware of the true scope of the problem.

Finally, the compartmentalized nature of many IT organizations reinforces the tendency to associate data integrity with the application, rather than with the storage infrastructure as a cohesive system. Administrators may, for example, treat authentication and authorization procedures as application-level data security tools rather than as internal, system-wide storage security components.


Building Effective Solutions 


The scope and scale of these challenges demand more than technical solutions; enterprises must rethink their storage security priorities and practices from the ground up. From an operational perspective, IT managers should consider two fundamental changes in their thinking about storage security:

• Raising awareness. Decision makers must recognize storage security as a distinct and important IT priority. “Managers know security is a huge problem at the corporate level, but they don't always recognize how insecure their storage networks really are,” Yankee Group’s Gruener says. “In fact, the data on their storage network is a lot more valuable, and requires a higher level of security than most of the data moving across their IP LAN today.”

• Assigning responsibility. Senior IT managers must also assign the resources and responsibility required to deal with storage security issues—including the ability to evaluate, purchase and implement security solutions. “A lot of IT executives don't see this as something they should invest in,” Enterprise Management Associates’ Karp says. “They have to see storage security as a strategic issue, and they have to get involved rather than handing it off in piecemeal fashion.”

IT managers should also recognize that point solutions—the “silver bullets” of storage security—are at best partial remedies and at worst a waste of resources. In addition, managers must understand that traditional network security measures, including virtual private networks; software and application-level encryption; and LUN (logical unit number) masking and zoning, are an inefficient and incomplete way to manage security risks. To be sure, these measures—when implemented in a comprehensive fashion—can provide additional layers of security, but a truly effective solution will encompass two key classes of security technology: storage encryption and authentication, authorization and access control.

Storage security encryption appliances provide several benefits. They operate at wire speed, and they provide end-to-end data security over a storage network no matter where the data is sent or received from. Encryption appliances also provide integrated key management; help enterprises comply with government data privacy directives; extend a consistent security standard across both in-transit and at-rest data; and allow IT managers to outsource storage management functions (such as key management) to their clients.

Storage encryption offers another important advantage as well; it can actually improve efficiency and cut management costs for enterprise storage networks. By assigning different keys to different classes of data—for example, human resources vs. customer service information—an enterprise can segregate data classes without providing separate, fully redundant physical storage resources. This represents an unusual and welcome departure: a security solution that generates a direct and measurable (if still secondary) return on investment.

The next class of security technology—authentication, authorization and access control—is just as vital. Storage network zoning provides a measure of access control. However, enterprises may want to consider “intelligent” storage switches that provide integrated authorization, authentication and accounting features. These solutions provide access control by specifying which devices can attach to which ports; reduce the risk of accidental configuration errors; support transport-independent authorization techniques; and enable more efficient management and accounting procedures.

Typically, such solutions include robust policy-based authorization features that give IT managers a great deal of control over who can access particular segments of a storage network or execute particular storage management responsibilities. As a result, when combined with robust encryption appliances, they create powerful and scalable solutions.


Technology Isn't Enough 


A growing number of vendors are entering the storage security market with encryption appliances, intelligent switches, management software, firewalls and other components required to build a comprehensive storage security solution. Unfortunately, as long as deeper problems remain, the storage networking industry cannot meet customers’ security needs simply by introducing new products. Among the lingering problems are a dearth of industry standards, widely accepted best practices and a common language for defining and discussing storage security issues.

According to Michael J. Alvarado, chair of the SNIA SSIF, storage security standards must rise to meet two major challenges. “The storage networks of the future will be even more highly distributed than they are today, with far more points of access and more non-technical users accessing them,” Alvarado says. “As storage infrastructures move away from being tightly controlled and include more points of vulnerability, the industry needs a set of consistent, vendor-neutral standards for managing these vulnerabilities.”

Alvarado adds that storage security standards must move away from an emphasis on perimeter security—a reflection of established IP-based network security models—and toward a layered approach. “There are currently no standards that allow us to extend a single authentication model through the lower layers of a storage network, or to unify different layers for security management and coordination,” he says. “We need that level of coordination, and the standards-setting process needs to focus on those types of issues.”

The industry also needs to focus on defining and publicizing a set of best practices; many experts call this the most urgent problem facing business users today. “Many enterprises still don't understand exactly how to manage storage networks; there’s no frame of reference, and what is available is often focused on the corporate xe networks,” Yankee Group’s Gruener says.

The lack of best practices also has a negative impact on vendors, many of which still have a relatively low profile in the industry. “Storage security companies don't have much visibility, and that won't change if people have problems, because they won't think of them as being storage problems,” Enterprise Management Associates’ Karp says. “The lack of a systems-level approach to the problem is frustrating; these point solutions can’t possibly work, but there’s no understanding or attempt to fix the complete environment.”


Conclusion: Making Change Happen 


Enterprise users are more than just technology consumers in this process; they are vital catalysts for change and growth in the storage networking industry. Although storage vendors are eager to tap into new markets, they can be equally reluctant to disrupt existing market opportunities. As a result, much of the responsibility for promoting industry standards and best practices (and for creating demand for the technologies that will incorporate these standards) inevitably falls on companies that use storage networking products.

In order to accomplish this, users must make it clear to vendors that storage security is an important priority that will affect both their storage networking strategies and their investment decisions. This involves asking vendors to deliver product roadmaps, detailed explanations of their storage security technologies and other specific evidence that they are committed to embracing security requirements.

Collective action is an equally 
important part of the 
Industry groups such as the Storage 
Security Industry Forum within the 
SNIA give users an opportunity to set 
the storage security agenda, promote 
industry standards and give vendors a 
clear picture of their customers’ 
needs. 

Moreover, participation at this level is more than simply a community-building exercise; it has a direct and immediate impact on the products, technologies and standards on which companies build their IT infrastructures. “As more companies engage with us and give us a clear view of their requirements, we're able to address the vendor community with a single voice and to make it clear that storage security is a vital issue,” Alvarado says.

In fact, for many enterprises, storage security is rapidly turning into a high-stakes game with no clear rules. Storage networks aren't just the latest technology fashion; they are quickly becoming as pervasive, powerful and essential as the corporate LAN. Yet it’s also clear that businesses must rethink their storage security assumptions and requirements in order to apply this technology safely and effectively. Ultimately, IT professionals face a clear choice: manage their firms’ storage security risk today, or manage the consequences tomorrow.
Q&A: Mike Alvarado, SSIF Chair

Michael J. Alvarado is chair of the newly formed Storage Security Industry Forum and is senior product manager at NeoScale Systems Inc. Alvarado has been involved in the storage networking industry for over 15 years; he has been instrumental in developing customer and industry acceptance for next-generation SCSI-interface products, the Direct Access File System, a new file protocol, and the Open Storage Networking Initiative. We asked him to discuss the SSIF’s mission.

rity Indust
does it do?

Alvarado: SNIA created the SSIF to understand and document end-user requirements of storage security practices. To accelerate the development of storage security solutions, SSIF is communicating this feedback to industry technical groups for incorporation into upcoming standards, initiatives and best practices.

Q: Why are standards important?

Alvarado: Standards let users build consistent policies and practices for their entire enterprise. Without a common set of standards, end users in the enterprise must implement a multitude of product-based standards, which will defeat their ability to have a consistent security policy that’s executed consistently. Without consistent implementation of policy, security will never be optimal or effective.

Q: What concerns do users have about storage network security?

> top concern is con
Many users fear that something like an incorrect configuration on a switch or a storage node will result in data loss.

Storage management applications are another major concern, due to the openness of the environment in which they're deployed. Unlike any other part of the storage architecture, management applications can subvert or undermine security controls installed at the device, record or block layer. Thus, they have significant control in a storage environment.


Q: What are some of the myths about security and IP storage or open storage networking?

Alvarado: The assumption behind storage networks—that enterprise data is most valuable when shared, distributed and easily and efficiently replicated—also represents a source of significant risk. As networked storage systems evolve beyond the data center and expand throughout the enterprise, mission-critical data becomes more vulnerable to unauthorized access, alteration, theft and misuse.

IT managers may assume that Fibre Channel SANs are less vulnerable to security failures due to the relatively insular nature of these networks. Yet the fact that most SANs emphasize high availability and powerful management tools, rather than robust security solutions, can expose a Fibre Channel SAN to significant vulnerabilities, such as insider attacks.


Q: What role do end users play in SSIF’s communication with vendors?

Alvarado: SSIF has created a Customer Advisory Board that provides direct feedback about what’s critical for the industry to focus on. By providing this input, end users assure themselves that development plans and priorities are set in the right direction.


Q: Do customers have a wide variety of secure storage networking options to choose from in today’s environment?

Alvarado: End users must drive the storage security agenda. They must begin to demand storage security roadmaps of standards, initiatives and vendor solutions. There are many solutions available; the real challenge is to make sure these solutions follow industry standards.


Q: Where can people get more 
information about storage security? 

Alvarado: The SSIF is unveiling a new Web site that will be a single portal at which users can gain a broad perspective on available issues and solutions. White papers, links to key information sources, news about standards and technology alternatives are all easily accessible. For more information about this site, people can contact ssifchair@
“Proper attention to the security issues of storage networking is long overdue. The SSIF is the only organization that fosters better both industry ation and higher user awareness. SSIF also lets customers help set the agenda. The success of the SSIF will help everyone who sells or uses storage networking, and we're proud to be a contributor to that effort.”

— LeRoy Budnik, managing partner and founder, Knowledge Transfer


“SNIA and SSIF bring together leaders in the software and hardware industries to increase the attention and understanding about a complex industry. Interphase looks forward to sharing our storage networking expertise in both hardware and software, as it applies to the emergence of security protocols. We're committed to delivering standards-based storage networking security solutions that interoperate with those from other SNIA vendors.”

— Randall McComas, vice-president of global sales and marketing, Interphase Corp.


“SSIF represents an important effort in building a comprehensive SAN framework to address customers’ security concerns. As a major contributor to security standards and chair of the T11 Security Workgroup, Brocade is helping create security protocols for authentication, access control, and confidentiality through the adoption of standards. Brocade is proud to work with other SNIA members to build secure storage networks and promote standards-based solutions that are highly scalable and fully manageable.”

— y Kidd, vice-president of product marketing, Brocade


“Now that networked storage is moving toward including support for IP transport, data is more susceptible to integrity and privacy attacks. As the leader in network security, Hifn is well placed to contribute to the security of storage networks. As an active member of SNIA, Hifn will bring our expertise to the security best practices database.”

— Doug Makishima, vice-president of marketing, Hifn

“Enterprises are expanding their storage infrastructure to achieve greater availability and integrity > reducing operational risks, this may increase the exposure of unauthorized access to sensitive data. NeoScale views the SSIF as a great vehicle for increasing the awareness of and potential solutions for addressing stored data confidentiality. Industry standards and best practices are essential in order to cost-effectively yield distributed data protection.”

— Aseem Vaid, CEO and co-founder, NeoScale Systems


“With SANs becoming mainstream, concern for protecting the data on them has increased. QLogic develops standards-based Fibre Channel and iSCSI SAN products that address customers’ security concerns. The SSIF provides an important forum not only for driving these standards, but for determining SAN security best practices.”

— Frank Berry, vice-president of marketing, QLogic Corp.


“The increasing vulnerability of data networks and the deployment of virtual storage networks across multiple sites using public and private IP networks are driving the need for IP security solutions at every access point. Adaptec is excited about supporting the SSIF’s mission to identify best practices for building secure storage networks and promoting standards-based solutions.”

— Glen Clowney, director of marketing for IP storage, Adaptec


“As storage networks expand and customers leverage their information infrastructure across different applications, security becomes a top priority. As a major contributor to the Fibre Channel Security Protocol standard, McDATA is working with its SSIF partners to develop security solutions that make sense. The SANtegrity Security Suite, McDATA’s security solution, provides flexible, easy-to-manage, standards-based and comprehensive techniques that give customers peace of mind.”

— Mike Gustafson, senior vice-president of worldwide marketing, McDATA Corp.
Getting Strategic With Tape Backup


For users that have outgrown DDS, Sony AIT 
solutions offer a clear migration path. 


If your company has had formal tape backup systems in place 
for a year or more, there's a good chance no one is giving them 
a lot of thought, beyond making sure that the regular backups 
are completed. But there are a variety of new business chal- 
lenges and advances in data storage technologies that make this 
the right time to take a fresh look at your tape storage strategy. 

Sony's Advanced Intelligent Tape (AIT) is a proven data storage format, now in its third generation, that many organizations are using to meet business challenges in a more consistent and practical way. Unlike legacy tape solutions such as Digital Data Storage (DDS), organizations can use AIT to create a tape storage strategy that adapts to changes in IT requirements while meeting future performance needs.

Organizations often implement tape storage in an ad-hoc 
fashion, adding tape backup units to PCs and servers as need- 
ed, purchasing different units (and even different formats) for 
individual, workgroup and data center needs. Users of DDS 
tape systems whose tapes lack the capacity, speed or level of 
automation to meet burgeoning demands typically need to 
implement different tape storage systems for different needs, 
creating the lack of a consistent, broad strategy. That situa- 
tion relegates tape storage to a tactical (but still important) 
function, incapable of easily adapting to new business challenges. Those challenges include:

Explosion of data — A few years ago, most users consid- 
ered only a handful of specialized documents or specific data- 
bases to be business-critical data. But that's all changed. E- 
mail files, Web site content, transaction data, multimedia 
files, sales materials and PowerPoint slides are among the 
business-critical data that most organizations want to archive
and protect on a regular basis. In 2000, the research firm IDC 
projected that data storage requirements would grow an aver- 
age of 87% annually. 

Increasing storage costs — With traditional backup sys- 
tems, more data means more tapes, and more tapes mean 
more money spent on media. Unfortunately, backup systems 
created 5 or 10 years ago simply aren't designed to handle 
the explosive growth of backup requirements we see today. Consequently, companies are caught on a tape treadmill, constantly purchasing additional tapes to handle increased volume.

Greater need for business continuity — While it's always 
been important to ensure that critical data can be recovered in 
the event of a problem, over the past few years, it's become 
critical to ensure that businesses can continue to function in 
the event of equipment problems or a disaster. For most com- 
panies the cost of downtime—even a few hours—can great- 
ly exceed the expense of adequate protection. 

New government mandates — A variety of organizations need to archive more data because of new government mandates and industry standards that require increased protection of data, as well as the archiving and storage of a broader range of corporate or customer data. For example, health care organizations must meet requirements for the Health Insurance Portability and Accountability Act (HIPAA), while financial services companies are subject to more stringent Securities and Exchange Commission regulations for data storage.

Faster backup/reduced administration — Backup and restore processes take longer as the volume of business-critical data that needs to be archived grows, both on the desktop and in the data center. The number of tapes necessary to handle that data also increases, as does the administrative overhead. In many organizations, IT personnel spend far too much time managing inefficient tape strategies and not enough time working on tasks that add value to the business.

With such a wide range of new data storage challenges facing companies, it's no wonder that traditional tape storage systems have become almost more of a hindrance than a help. What's needed is a way to turn archival data storage from a time-consuming chore to a strategic advantage—one that can help increase business continuity, increase IT flexibility, decrease the time spent on routine maintenance tasks and proactively meet evolving business needs.

A variety of data storage advances over the past few years bring just such dramatic benefits, especially to organizations currently employing DDS formats. For example, Sony's AIT data storage systems are designed to cover everything from PC backup and workgroup-level requirements to automated data center needs. Instead of having multiple tape formats across these groups, Sony's AIT allows an organization to have a single tape format, providing a seamless migration strategy as backup volumes grow. Enterprises can upgrade to AIT gradually, replacing individual older systems as capacity needs dictate—typically for a price equivalent to that of traditional DDS-4 systems, but with increased performance, capacity and reliability. And with AIT, your investment is protected. Indeed, since AIT was introduced in 1996, Sony has doubled capacity with each generation, culminating in today's super-drive class AIT-3.

AIT easily handles today’s, and tomorrow’s, storage needs.

AIT also has a number of other important benefits when compared to DDS tape systems, including:

Better reliability — Sony AIT systems are rated for 100% duty cycle (unlike DDS), so they are perfect for automated libraries and network-attached storage needs. In addition, AIT’s helical scan recording and Advanced Metal Evaporated (AME) tape provide increased reliability, extended media life and reduced cleaning requirements compared with DDS systems.

Smaller form factor — AME media and helical scan recording provide the highest density of any data tape, enabling high-capacity AIT systems to fit in a 3.5-inch format.

Fewer tapes, more capacity — All cartridges can hold up to five times the uncompressed capacity of DDS-4, greatly
reducing the number of tapes required for backups and there- 
by cutting the ever-growing cost of media 

Greater speed — With Sony's Memory In Cassette (MIC) flash 
memory chip, AIT cartridges provide much faster file access and 
recovery, reducing the amount of time it takes to recover lost 
data or downed systems and contributing to a strong business 
continuity plan 

Lower cost — AlT-1 drives cost less than DDS-4 drives, yet 
deliver increased capacity and speed 

As data volumes grow, perhaps you can make do with your 
current DDS tape systems by adding more tapes to the back- 
up rotation, allocating more time for maintenance and 
restoration, and using a jumble of different tape formats for 
different needs. But in the long run, it makes more sense to 
reconsider your data storage needs and to find a solution that 
will provide continuity, consistency and compatibility through- 
out your entire organization. With proven new technologies 
such as Sony's AIT tape storage systems addressing today's 
most pressing business and backup requirements, you can 
turn your backup processes into a business benefit instead of 
an IT liability. 


Download the free white paper, “Formulating A Tape Backup 